Joke bluescreen

missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
J'ai un problème!
J'ai une page qui reste en permanence sur mon pc:warning win32/Adware.
virtumonde
warning win32/privacyremover.m64
Que dois-je faire?
J'ai essayé maint et maint fois de nettoyer mon pc qui d'ailleurs ma a chaque fois detecté 12 virus qui sais empresser de supprimer sauf un qui résiste!
Son nom joke blue screen
Je ne sais plus quoi faire, d'autant mon ordi est mon outil de travail .
Si Quelqu'un pouvais m'aider, ce serais sympa!!!
A l'heure actuelle,je ne sais plus qu'elle démarche entreprendre pour supprimer ce virus
merci d'avance pour vos réponses....
Configuration: Windows XP
Internet Explorer 7.0

23 réponses

  • 1
  • 2
Résumé de la discussion

Une machine sous Windows XP est infectée par des programmes malveillants affichant des avertissements Win32/Adware, Virtumonde et PrivacyRemover.m64, avec des pages qui se bloquent et des tentatives de nettoyage répétées échouant. Plusieurs solutions sont évoquées, notamment l’utilisation d’un rapport SmitFraudFix et la vérification des clés du fichier hosts, puis l’emploi d’outils de sécurité comme Malwarebytes et HijackThis. En cas d’échec, le recours au mode sans échec et à des manipulations prudentes sur les outils comme Combofix ou HijackThis est proposé pour permettre le nettoyage. D'autres échanges signalent des messages en anglais relatifs à des paramètres d’outils et recommandent de produire un nouveau rapport HijackThis pour évaluer les éléments actifs et suivre l’évolution.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Fais un rapport hijackthis pour que je puisses vérifier les infections de ton pc stp

    Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

    https://www.androidworld.fr/
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      merci pour ta réponse!
      je vais le faire!
      0
    2. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      Qu'est ce que tu entends par :
      maintenant allez a l'emplacement suivant:c:/program files/trend micro/hijackthis/hijackthis.exe
      pourait tu me ire où faut il que j'aille pour retomber dans cette emplacement
      merci
      0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    poste de travail => c:/program files/trend micro/hijackthis/hijackthis.exe

    et renomme ce qui est en gras par HJT.exe

    si tu ne le trouve pas dans tes programmes, c est que tu ne l as pas installé là ou il faut...

    alors fais un rapport et je te dirai où il se trouve
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      Voilà j'espère que c'est ces fichiers que tu veux voir!!
      merci

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:13:00, on 28/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\SYSTEM32\OODAG.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
      C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
      C:\WINDOWS\SYSTEM32\LPHCL11J0EA63.EXE
      C:\WINDOWS\SYSTEM32\SYSREST32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
      C:\Documents and Settings\User\Bureau\HJT.exe.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nosaki-forever.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
      O4 - HKLM\..\Run: [lphcl11j0ea63] C:\WINDOWS\system32\lphcl11j0ea63.exe
      O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
      O4 - HKLM\..\RunOnce: [tmp113593] cmd /Q /C "C:\WINDOWS\tmp113593.bat"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: officejet 6100.lnk = ?
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/User/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
      O21 - SSODL: lxqBNecvaJcp - {4455800C-EEFF-2AA6-2C2B-21D86BC0C2D8} - C:\WINDOWS\system32\aqocu.dll (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...commence par faire ceci stp :

    Option 1 - Recherche :

    télécharge smitfraudfix et enregistre le sur le bureau à cette adresse (c est le numéro 2 en bas de la page) :

    https://www.androidworld.fr/

    Ensuite double clique sur smitfraudfix puis exécuter

    Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

    copier/coller le rapport dans la réponse.
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      j'ai essayé de télécharger smitfraudix mais le lien ne fonctionne pas!!
      j'ai donc été sur le lien de l'éditeur mais il dise qu'il faut sauvegarder mais je n'ai pas toutes les données de mon pc qui ont été sauvegardé,je n'y pense pas a chaque fois
      par contre en executant ce logiciel,est ce que j'ai des risques de perdre des données sur mon pc!
      merci
      0
  4. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...tu peux exécuter le programme sans crainte ;-)

    et poste le rapport stp
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      voilà j'espère que c'est bien le rapport que tu veux
      merci
      SmitFraudFix v2.342

      Rapport fait à 23:19:47,05, 28/08/2008
      Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\SYSTEM32\OODAG.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
      C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
      C:\WINDOWS\SYSTEM32\LPHCL11J0EA63.EXE
      C:\WINDOWS\SYSTEM32\SYSREST32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
      C:\Documents and Settings\User\Bureau\HJT.exe.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      Fichier hosts corrompu !

      127.0.0.1 www.legal-at-spybot.info
      127.0.0.1 legal-at-spybot.info

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      AntiXPVSTFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri

      [!] Malware.Win32.EncPk-CZ.gen
      O4 - HKLM\..\Run: [lphcl11j0ea63] C:\WINDOWS\system32\lphcl11j0ea63.exe (Running)

      [!] Suspicious file
      C:\WINDOWS\system32\phcl11j0ea63.bmp

      [!] Suspicious file
      C:\WINDOWS\system32\blphcl11j0ea63.scr



      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 212.27.54.252
      DNS Server Search Order: 212.27.53.252

      Description: Broadcom USB Remote NDIS Device #3 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{552C2FE8-473C-4659-99A9-B756AAFE2197}: DhcpNameServer=192.168.1.1 194.117.200.10
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 194.117.200.10
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant :

    Option 2 - Nettoyage :

    Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).

    Double cliquer sur smitfraudfix

    Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    Redémarrer en mode normal et poster le rapport.

    ensuite :

    Télécharger sur le bureau malwarebytes à cette adresse :

    https://www.androidworld.fr/

    Voici un tuto pour bien l installer et bien l utiliser :

    https://www.androidworld.fr/

    Après l analyse, redémarrer le pc et poste le rapport !!

    Et refais un nouveau rapport hijackthis stp
    0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    attends !! fais pas smitfraudfix maintenant
    0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    fais ceci avant smitfraudfix stp :

    Télécharge cet outil de SiRi:

    http://siri.urz.free.fr/RHosts.php

    Double clique dessus pour l'exécuter

    et cliques sur " Restore original Hosts "

    ps : c est normal que rien ne se passe

    ensuire redémarre le pc

    DSL
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      ok je l'ai fais mais toujours rien de neuf ca fonctionne toujours pas!!
      0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    quoi qui ne fonctionne pas ??
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      l'ordi a été redemarrer mais il est toujours la!!
      0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    apres avoir fais Rhost, fais ce que je t ai demandé au message 10 :

    http://www.commentcamarche.net/forum/affich 8129310 joke bluescreen#10
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      voila le rapport

      SmitFraudFix v2.342

      Rapport fait à 23:57:04,43, 28/08/2008
      Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

      AntiXPVSTFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri

      [!] Malware.Win32.EncPk-CZ.gen
      O4 - HKLM\..\Run: [lphcl11j0ea63] C:\WINDOWS\system32\lphcl11j0ea63.exe (Running)
      Killing lphcl11j0ea63.exe
      Deleting C:\WINDOWS\system32\lphcl11j0ea63.exe
      An error occured while deleting lphcl11j0ea63.exe

      [!] Suspicious file
      C:\WINDOWS\system32\phcl11j0ea63.bmp
      Deleting C:\WINDOWS\system32\phcl11j0ea63.bmp
      phcl11j0ea63.bmp Deleted

      [!] Suspicious file
      C:\WINDOWS\system32\blphcl11j0ea63.scr
      Deleting C:\WINDOWS\system32\blphcl11j0ea63.scr
      blphcl11j0ea63.scr Deleted



      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 212.27.54.252
      DNS Server Search Order: 212.27.53.252

      Description: Broadcom USB Remote NDIS Device #3 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{552C2FE8-473C-4659-99A9-B756AAFE2197}: DhcpNameServer=192.168.1.1 194.117.200.10
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 194.117.200.10
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu nas pas fais la suppression en mode sans échec...vas la faire en mode sans échec stp
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      le mode sans echec ne repond pas en appuyant sur f8
      0
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    redémarre ton pc...

    au démarrage de ton pc, apres la premiere image avec la marque de ton pc, tapote la touche F8 jusqu à l apparition du menu des options avancées..
    0
  13. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
     
    fait en mode sans echec

    SmitFraudFix v2.342

    Rapport fait à 0:49:42,28, 29/08/2008
    Executé à partir de C:\Documents and Settings\User\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{552C2FE8-473C-4659-99A9-B756AAFE2197}: DhcpNameServer=192.168.1.1 194.117.200.10
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{18531A3D-CD3D-4AD0-933E-45FC9146AFFA}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB7B93A0-A965-4909-8D28-CA00D0FD3536}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 194.117.200.10
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant fais malwarebytes stp
    0
  15. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
     
    désolé, pour n'avoir pas pu répondre plus tôt!
    voilà ce que j'ai recu en supplément

    Protection en temps réel
    La protection en temps réel a détecté un virus, programme espion ou autre risque de sécurité, et exécuté l'action spécifiée.

    .
    Action exécutée :

    .
    Nom de l'incident :
    C:\WINDOWS\SYSTEM32\SYSREST32.EXE
    Nom de la détection :
    Possible_DLDER
    Nom de l'utilisateur :
    User
    Remarque : si l'option Rechercher / supprimer chevaux de Troie est activée et exécutée après le scan, cliquez sur Suivant pour afficher la dernière action exécutée.

    Protection en temps réel
    La protection en temps réel a détecté un virus, programme espion ou autre risque de sécurité, et exécuté l'action spécifiée.

    .
    Action exécutée :
    Accès refusé.
    .
    Nom de l'incident :
    C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP677\A0125118.scr
    Nom de la détection :
    JOKE_BLUESCREEN
    Nom de l'utilisateur :
    User
    Remarque : si l'option Rechercher / supprimer chevaux de Troie est activée et exécutée après le scan, cliquez sur Suivant pour afficher la dernière action exécutée.
    0
  16. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    as tu fais malwarebytes ??
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      c'est fait désolé !
      Malwarebytes' Anti-Malware 1.25
      Version de la base de données: 1096
      Windows 5.1.2600 Service Pack 2

      05:17:02 30/08/2008
      mbam-log-08-30-2008 (05-17-02).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 158392
      Temps écoulé: 1 hour(s), 11 minute(s), 23 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 8
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 11

      Processus mémoire infecté(s):
      C:\WINDOWS\system32\SYSREST32.EXE (Rootkit.Agent) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP677\A0125118.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP677\A0125128.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP677\A0125152.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP677\A0125176.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP677\A0125198.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP678\A0125246.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP678\A0125264.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{42721E6C-06C9-4C91-B884-9ABCEDB75A4A}\RP678\A0125272.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Program Files\AdwareAlert\DataBaseNew.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lphcl11j0ea63.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      0
      1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre > missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
         
        désolé pour ne pas avoir répondu plus tôt!!
        j'espère que c'est bien le rapport que tu veux
        merci
        0
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    oui c est bien ca...refais un nouveau rapport hijackthis maintenant stp
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      ok je le fais
      0
      1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre > missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
         
        Voilà le rapport!
        Pourrait tu me dire quel antivirus est vraiment fiable,comme tu as pu le constater moi j'ai le trend cillin pro!
        Je n'ai plus aucune alerte depuis hier soir,j'espère que c'est bon cette fois-ci!
        Dans tous les cas, je te dis merci pour l'aide que tu m'a apporté,je n'y searais jamais arrivé seule!!!

        Logfile of Trend Micro HijackThis v2.0.7
        Scan saved at 21:26:46, on 30/08/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16705)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\SYSTEM32\SVCHOST.EXE
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\oodag.exe
        C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
        C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
        C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
        C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
        C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
        C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
        C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
        C:\Documents and Settings\User\Bureau\HJT.exe.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - Default URLSearchHook is missing
        O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
        O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
        O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
        O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
        O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
        O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
        O4 - Global Startup: officejet 6100.lnk = ?
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O21 - SSODL: lxqBNecvaJcp - {4455800C-EEFF-2AA6-2C2B-21D86BC0C2D8} - C:\WINDOWS\system32\aqocu.dll (file missing)
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
        O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
        O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
        O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
        O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
        0
      2. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre > missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
         
        Voilà le rapport!
        Pourrait tu me dire quel antivirus est vraiment fiable,comme tu as pu le constater moi j'ai le trend cillin pro!
        Je n'ai plus aucune alerte depuis hier soir,j'espère que c'est bon cette fois-ci!
        Dans tous les cas, je te dis merci pour l'aide que tu m'a apporté,je n'y searais jamais arrivé seule!!!

        Logfile of Trend Micro HijackThis v2.0.7
        Scan saved at 21:26:46, on 30/08/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16705)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\SYSTEM32\SVCHOST.EXE
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\oodag.exe
        C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
        C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
        C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
        C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
        C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
        C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
        C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
        C:\Documents and Settings\User\Bureau\HJT.exe.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - Default URLSearchHook is missing
        O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
        O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
        O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
        O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
        O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
        O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
        O4 - Global Startup: officejet 6100.lnk = ?
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O21 - SSODL: lxqBNecvaJcp - {4455800C-EEFF-2AA6-2C2B-21D86BC0C2D8} - C:\WINDOWS\system32\aqocu.dll (file missing)
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
        O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
        O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
        O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
        O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
        0
  18. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ton pc est encore infecté...

    télécharge combofix (par sUBs) à cette adresse :

    (c est le numéro 5 en bas de la page) : https://www.androidworld.fr/

    et enregistre le sur le Bureau.

    désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/

    ensuite envois le rapport et refais un nouveau rapport hijackthis stp
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      Pourrais-tu me dire ce que cà veux dire:you cannot rename combofix as combofix(1)
      Please use another name, preferably made up of alphanuméric characters
      Je comprends l'anglais mais je n'arrive pas a savoir ce que signifie cette phrase
      merci!!
      0
  19. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu ne peux pas renommer combofix en combofix(1), utlises un autre nom, de préférence en caractères alphanumériques...

    tu as voulu renommer combofix ??
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      non c'est bon ,c'est moi qui est fait une ComboFix 08-08-30.01 - User 2008-08-31 0:40:26.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.170 [GMT 2:00]
      Endroit: C:\Documents and Settings\User\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\bin.clearspring.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\bin.clearspring.com\clearspring.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\iforex.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\Documents and Settings\User\Cookies\user@2o7[2].txt
      C:\Documents and Settings\User\Cookies\user@edt02[2].txt
      C:\Documents and Settings\User\Cookies\user@specificclick[2].txt
      C:\Documents and Settings\User\Cookies\user@zylom[1].txt
      C:\WINDOWS\pack.epk
      C:\WINDOWS\system32\AutoRun.inf

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_sysrest.sys


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-29 21:29 . 2008-08-29 23:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-29 21:29 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-29 00:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-08-29 00:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-08-29 00:49 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
      2008-08-29 00:49 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-08-29 00:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-08-29 00:49 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-08-29 00:49 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-08-29 00:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-08-29 00:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-08-29 00:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-08-29 00:26 . 2008-08-29 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
      2008-08-28 23:19 . 2008-08-29 00:49 3,130 --a------ C:\WINDOWS\system32\tmp.reg
      2008-08-24 22:40 . 2008-08-24 22:40 <REP> d-------- C:\Documents and Settings\User\Application Data\Jane s Hotel
      2008-08-20 23:14 . 2008-08-20 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
      2008-08-09 09:17 . 2008-08-09 09:17 1,024 ---h----- C:\diskfile1
      2008-08-08 16:32 . 2008-08-08 16:32 <REP> d-------- C:\Program Files\Safari
      2008-08-08 11:07 . 2008-08-08 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iTunes
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iPod
      2008-07-30 09:38 . 2008-07-30 09:38 <REP> d-------- C:\Documents and Settings\User\Application Data\Dossier de t‚l‚chargement Share-to-Web

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-30 07:32 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
      2008-08-24 21:23 --------- d-----w C:\Program Files\Zylom Games
      2008-08-24 20:40 --------- d-----w C:\Documents and Settings\User\Application Data\Zylom
      2008-08-15 09:28 --------- d-----w C:\Program Files\IncrediMail
      2008-08-08 14:33 --------- d-----w C:\Program Files\Apple Software Update
      2008-08-08 06:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-08-08 06:26 --------- d-----w C:\Program Files\Club-Internet
      2008-08-08 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-08-07 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-08-07 13:14 --------- d-----w C:\Program Files\Mindscape
      2008-08-07 13:06 --------- d-----w C:\Program Files\Bonjour
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\User\Application Data\PlayFirst
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
      2008-08-01 15:30 --------- d-----w C:\Program Files\QuickTime
      2008-07-30 07:38 --------- d-----w C:\Documents and Settings\User\Application Data\Dossier de téléchargement Share-to-Web
      2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
      2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
      2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
      2008-06-28 15:58 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
      2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
      .

      ------- Sigcheck -------

      2004-08-05 14:00 17408 c2863905b731078a697cd073354d2e8a C:\WINDOWS\system32\svchost.exe

      2004-08-05 14:00 510464 6a0db0296ea3ba0f97f64eeb0c676933 C:\WINDOWS\system32\winlogon.exe

      2007-06-13 15:22 1039872 568ee823aeb75c4ef0655d6247662876 C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

      2004-08-05 14:00 110592 64aa11582efcea61668008d810554da3 C:\WINDOWS\system32\services.exe

      2004-08-05 14:00 14848 ddff0c0494686d1fc8d20df799a5f8de C:\WINDOWS\system32\lsass.exe

      2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      2004-08-05 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
      2005-06-11 01:53 58880 25fab8550338de845ada9d26b6c7e490 C:\WINDOWS\system32\spoolsv.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 18:08 68856]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 14:22 243072]
      "updateMgr"="C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 18:21 61440]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 19:36 28672]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25 1397760]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
      "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 03:44 901185]
      "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:55 110592 C:\WINDOWS\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "63231:TCP"= 63231:TCP:mule
      "17070:UDP"= 17070:UDP:mule

      R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a96c4c2-65a0-11db-a453-806d6172696f}]
      \Shell\AutoRun\command - D:\ASUSACPI.exe
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

      2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2007-12-28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1188994060.job
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56]
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-PowerBar - (no file)
      HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
      SSODL-lxqBNecvaJcp-{4455800C-EEFF-2AA6-2C2B-21D86BC0C2D8} - C:\WINDOWS\system32\aqocu.dll


      .
      ------- Supplementary Scan -------
      .
      R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
      O8 -: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

      O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

      O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
      C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-31 00:53:15
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      C:\WINDOWS\explorer.exe [1776] 0x821735D0

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\oodag.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\IncrediMail\bin\ImApp.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-31 1:11:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-08-30 23:11:35

      Pre-Run: 6,096,326,656 octets libres
      Post-Run: 8,220,368,896 octets libres

      221 --- E O F --- 2008-08-14 12:03:16
      erreur!voici le rapport combofix
      0
    2. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      non c'est bon ,c'est moi qui est fait une ComboFix 08-08-30.01 - User 2008-08-31 0:40:26.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.170 [GMT 2:00]
      Endroit: C:\Documents and Settings\User\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\bin.clearspring.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\bin.clearspring.com\clearspring.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\iforex.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\Documents and Settings\User\Cookies\user@2o7[2].txt
      C:\Documents and Settings\User\Cookies\user@edt02[2].txt
      C:\Documents and Settings\User\Cookies\user@specificclick[2].txt
      C:\Documents and Settings\User\Cookies\user@zylom[1].txt
      C:\WINDOWS\pack.epk
      C:\WINDOWS\system32\AutoRun.inf

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_sysrest.sys


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-29 21:29 . 2008-08-29 23:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-29 21:29 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-29 00:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-08-29 00:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-08-29 00:49 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
      2008-08-29 00:49 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-08-29 00:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-08-29 00:49 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-08-29 00:49 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-08-29 00:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-08-29 00:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-08-29 00:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-08-29 00:26 . 2008-08-29 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
      2008-08-28 23:19 . 2008-08-29 00:49 3,130 --a------ C:\WINDOWS\system32\tmp.reg
      2008-08-24 22:40 . 2008-08-24 22:40 <REP> d-------- C:\Documents and Settings\User\Application Data\Jane s Hotel
      2008-08-20 23:14 . 2008-08-20 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
      2008-08-09 09:17 . 2008-08-09 09:17 1,024 ---h----- C:\diskfile1
      2008-08-08 16:32 . 2008-08-08 16:32 <REP> d-------- C:\Program Files\Safari
      2008-08-08 11:07 . 2008-08-08 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iTunes
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iPod
      2008-07-30 09:38 . 2008-07-30 09:38 <REP> d-------- C:\Documents and Settings\User\Application Data\Dossier de t‚l‚chargement Share-to-Web

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-30 07:32 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
      2008-08-24 21:23 --------- d-----w C:\Program Files\Zylom Games
      2008-08-24 20:40 --------- d-----w C:\Documents and Settings\User\Application Data\Zylom
      2008-08-15 09:28 --------- d-----w C:\Program Files\IncrediMail
      2008-08-08 14:33 --------- d-----w C:\Program Files\Apple Software Update
      2008-08-08 06:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-08-08 06:26 --------- d-----w C:\Program Files\Club-Internet
      2008-08-08 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-08-07 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-08-07 13:14 --------- d-----w C:\Program Files\Mindscape
      2008-08-07 13:06 --------- d-----w C:\Program Files\Bonjour
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\User\Application Data\PlayFirst
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
      2008-08-01 15:30 --------- d-----w C:\Program Files\QuickTime
      2008-07-30 07:38 --------- d-----w C:\Documents and Settings\User\Application Data\Dossier de téléchargement Share-to-Web
      2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
      2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
      2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
      2008-06-28 15:58 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
      2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
      .

      ------- Sigcheck -------

      2004-08-05 14:00 17408 c2863905b731078a697cd073354d2e8a C:\WINDOWS\system32\svchost.exe

      2004-08-05 14:00 510464 6a0db0296ea3ba0f97f64eeb0c676933 C:\WINDOWS\system32\winlogon.exe

      2007-06-13 15:22 1039872 568ee823aeb75c4ef0655d6247662876 C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

      2004-08-05 14:00 110592 64aa11582efcea61668008d810554da3 C:\WINDOWS\system32\services.exe

      2004-08-05 14:00 14848 ddff0c0494686d1fc8d20df799a5f8de C:\WINDOWS\system32\lsass.exe

      2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      2004-08-05 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
      2005-06-11 01:53 58880 25fab8550338de845ada9d26b6c7e490 C:\WINDOWS\system32\spoolsv.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 18:08 68856]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 14:22 243072]
      "updateMgr"="C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 18:21 61440]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 19:36 28672]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25 1397760]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
      "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 03:44 901185]
      "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:55 110592 C:\WINDOWS\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "63231:TCP"= 63231:TCP:mule
      "17070:UDP"= 17070:UDP:mule

      R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a96c4c2-65a0-11db-a453-806d6172696f}]
      \Shell\AutoRun\command - D:\ASUSACPI.exe
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

      2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2007-12-28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1188994060.job
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56]
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-PowerBar - (no file)
      HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
      SSODL-lxqBNecvaJcp-{4455800C-EEFF-2AA6-2C2B-21D86BC0C2D8} - C:\WINDOWS\system32\aqocu.dll


      .
      ------- Supplementary Scan -------
      .
      R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
      O8 -: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

      O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

      O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
      C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-31 00:53:15
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      C:\WINDOWS\explorer.exe [1776] 0x821735D0

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\oodag.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\IncrediMail\bin\ImApp.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-31 1:11:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-08-30 23:11:35

      Pre-Run: 6,096,326,656 octets libres
      Post-Run: 8,220,368,896 octets libres

      221 --- E O F --- 2008-08-14 12:03:16
      erreur!voici le rapport combofix
      0
    3. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      non c'est bon ,c'est moi qui est fait une ComboFix 08-08-30.01 - User 2008-08-31 0:40:26.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.170 [GMT 2:00]
      Endroit: C:\Documents and Settings\User\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\bin.clearspring.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\bin.clearspring.com\clearspring.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\iforex.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\9QVTQ7DB\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\Documents and Settings\User\Cookies\user@2o7[2].txt
      C:\Documents and Settings\User\Cookies\user@edt02[2].txt
      C:\Documents and Settings\User\Cookies\user@specificclick[2].txt
      C:\Documents and Settings\User\Cookies\user@zylom[1].txt
      C:\WINDOWS\pack.epk
      C:\WINDOWS\system32\AutoRun.inf

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_sysrest.sys


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-29 21:29 . 2008-08-29 23:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-29 21:29 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-29 00:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-08-29 00:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-08-29 00:49 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
      2008-08-29 00:49 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-08-29 00:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-08-29 00:49 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-08-29 00:49 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-08-29 00:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-08-29 00:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-08-29 00:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-08-29 00:26 . 2008-08-29 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
      2008-08-28 23:19 . 2008-08-29 00:49 3,130 --a------ C:\WINDOWS\system32\tmp.reg
      2008-08-24 22:40 . 2008-08-24 22:40 <REP> d-------- C:\Documents and Settings\User\Application Data\Jane s Hotel
      2008-08-20 23:14 . 2008-08-20 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
      2008-08-09 09:17 . 2008-08-09 09:17 1,024 ---h----- C:\diskfile1
      2008-08-08 16:32 . 2008-08-08 16:32 <REP> d-------- C:\Program Files\Safari
      2008-08-08 11:07 . 2008-08-08 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iTunes
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iPod
      2008-07-30 09:38 . 2008-07-30 09:38 <REP> d-------- C:\Documents and Settings\User\Application Data\Dossier de t‚l‚chargement Share-to-Web

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-30 07:32 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
      2008-08-24 21:23 --------- d-----w C:\Program Files\Zylom Games
      2008-08-24 20:40 --------- d-----w C:\Documents and Settings\User\Application Data\Zylom
      2008-08-15 09:28 --------- d-----w C:\Program Files\IncrediMail
      2008-08-08 14:33 --------- d-----w C:\Program Files\Apple Software Update
      2008-08-08 06:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-08-08 06:26 --------- d-----w C:\Program Files\Club-Internet
      2008-08-08 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-08-07 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-08-07 13:14 --------- d-----w C:\Program Files\Mindscape
      2008-08-07 13:06 --------- d-----w C:\Program Files\Bonjour
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\User\Application Data\PlayFirst
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
      2008-08-01 15:30 --------- d-----w C:\Program Files\QuickTime
      2008-07-30 07:38 --------- d-----w C:\Documents and Settings\User\Application Data\Dossier de téléchargement Share-to-Web
      2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
      2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
      2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
      2008-06-28 15:58 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
      2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
      .

      ------- Sigcheck -------

      2004-08-05 14:00 17408 c2863905b731078a697cd073354d2e8a C:\WINDOWS\system32\svchost.exe

      2004-08-05 14:00 510464 6a0db0296ea3ba0f97f64eeb0c676933 C:\WINDOWS\system32\winlogon.exe

      2007-06-13 15:22 1039872 568ee823aeb75c4ef0655d6247662876 C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

      2004-08-05 14:00 110592 64aa11582efcea61668008d810554da3 C:\WINDOWS\system32\services.exe

      2004-08-05 14:00 14848 ddff0c0494686d1fc8d20df799a5f8de C:\WINDOWS\system32\lsass.exe

      2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      2004-08-05 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
      2005-06-11 01:53 58880 25fab8550338de845ada9d26b6c7e490 C:\WINDOWS\system32\spoolsv.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 18:08 68856]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 14:22 243072]
      "updateMgr"="C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 18:21 61440]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 19:36 28672]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25 1397760]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
      "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 03:44 901185]
      "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:55 110592 C:\WINDOWS\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "63231:TCP"= 63231:TCP:mule
      "17070:UDP"= 17070:UDP:mule

      R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a96c4c2-65a0-11db-a453-806d6172696f}]
      \Shell\AutoRun\command - D:\ASUSACPI.exe
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

      2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2007-12-28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1188994060.job
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56]
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-PowerBar - (no file)
      HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
      SSODL-lxqBNecvaJcp-{4455800C-EEFF-2AA6-2C2B-21D86BC0C2D8} - C:\WINDOWS\system32\aqocu.dll


      .
      ------- Supplementary Scan -------
      .
      R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
      O8 -: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

      O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

      O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
      C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-31 00:53:15
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      C:\WINDOWS\explorer.exe [1776] 0x821735D0

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\oodag.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\IncrediMail\bin\ImApp.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-31 1:11:55 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-08-30 23:11:35

      Pre-Run: 6,096,326,656 octets libres
      Post-Run: 8,220,368,896 octets libres

      221 --- E O F --- 2008-08-14 12:03:16
      erreur!voici le rapport combofix
      0
    4. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre > missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      voici le rapport hijackthis!!
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:37:37, on 31/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\oodag.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\User\Bureau\HJT.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: officejet 6100.lnk = ?
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      0
    5. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre > missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      voici le rapport hijackthis!!
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:37:37, on 31/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\oodag.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\User\Bureau\HJT.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: officejet 6100.lnk = ?
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      0
  20. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...relance hijackthis en cliquant sur scan only et coches ces lignes stp :

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - Global Startup: officejet 6100.lnk = ?
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

    puis tu cliques sur fix checked.

    vas aussi faire ces mises à niveau suivantes stp :

    java : https://www.java.com/fr/download/manual.jsp

    adobe reader XP : https://get2.adobe.com/reader/otherversions/

    et ensuite désinstalles la version antérieure de java dans ajout/suppression de programmes.

    est ce que tu ne voulais pas un conseil pour un antivirus ??
    0
    1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
       
      voila les denier rapprt du jour avec antivirus desactivé.

      oiu qu'el antivirus nous conseil tu...
      merci encore


      ComboFix 08-08-30.03 - User 2008-08-31 12:17:11.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.107 [GMT 2:00]
      Endroit: C:\Documents and Settings\User\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-29 21:29 . 2008-08-29 23:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-29 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-29 21:29 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-29 21:29 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-29 00:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-08-29 00:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-08-29 00:49 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
      2008-08-29 00:49 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-08-29 00:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-08-29 00:49 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-08-29 00:49 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-08-29 00:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-08-29 00:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-08-29 00:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-08-29 00:26 . 2008-08-29 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
      2008-08-28 23:19 . 2008-08-29 00:49 3,130 --a------ C:\WINDOWS\system32\tmp.reg
      2008-08-24 22:40 . 2008-08-24 22:40 <REP> d-------- C:\Documents and Settings\User\Application Data\Jane s Hotel
      2008-08-20 23:14 . 2008-08-20 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
      2008-08-09 09:17 . 2008-08-09 09:17 1,024 ---h----- C:\diskfile1
      2008-08-08 16:32 . 2008-08-08 16:32 <REP> d-------- C:\Program Files\Safari
      2008-08-08 11:07 . 2008-08-08 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iTunes
      2008-08-01 17:32 . 2008-08-01 17:32 <REP> d-------- C:\Program Files\iPod
      2008-07-30 09:38 . 2008-07-30 09:38 <REP> d-------- C:\Documents and Settings\User\Application Data\Dossier de téléchargement Share-to-Web

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-31 08:20 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
      2008-08-24 21:23 --------- d-----w C:\Program Files\Zylom Games
      2008-08-24 20:40 --------- d-----w C:\Documents and Settings\User\Application Data\Zylom
      2008-08-15 09:28 --------- d-----w C:\Program Files\IncrediMail
      2008-08-08 14:33 --------- d-----w C:\Program Files\Apple Software Update
      2008-08-08 06:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-08-08 06:26 --------- d-----w C:\Program Files\Club-Internet
      2008-08-08 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-08-07 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-08-07 13:14 --------- d-----w C:\Program Files\Mindscape
      2008-08-07 13:06 --------- d-----w C:\Program Files\Bonjour
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\User\Application Data\PlayFirst
      2008-08-03 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
      2008-08-01 15:30 --------- d-----w C:\Program Files\QuickTime
      2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
      2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
      2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
      2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
      2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
      2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
      2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
      2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
      2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
      2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
      2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
      2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
      2008-06-28 15:58 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
      2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
      2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
      2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
      .

      ------- Sigcheck -------

      2004-08-05 14:00 17408 c2863905b731078a697cd073354d2e8a C:\WINDOWS\system32\svchost.exe

      2004-08-05 14:00 510464 6a0db0296ea3ba0f97f64eeb0c676933 C:\WINDOWS\system32\winlogon.exe

      2007-06-13 15:22 1039872 568ee823aeb75c4ef0655d6247662876 C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

      2004-08-05 14:00 110592 64aa11582efcea61668008d810554da3 C:\WINDOWS\system32\services.exe

      2004-08-05 14:00 14848 ddff0c0494686d1fc8d20df799a5f8de C:\WINDOWS\system32\lsass.exe

      2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      2004-08-05 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
      2005-06-11 01:53 58880 25fab8550338de845ada9d26b6c7e490 C:\WINDOWS\system32\spoolsv.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 18:08 68856]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 14:22 243072]
      "updateMgr"="C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 18:21 61440]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 19:36 28672]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25 1397760]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
      "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-17 03:44 901185]
      "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:55 110592 C:\WINDOWS\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "63231:TCP"= 63231:TCP:mule
      "17070:UDP"= 17070:UDP:mule

      R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a96c4c2-65a0-11db-a453-806d6172696f}]
      \Shell\AutoRun\command - D:\ASUSACPI.exe
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

      2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2007-12-28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1188994060.job
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56]
      .
      .
      ------- Supplementary Scan -------
      .
      R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
      O8 -: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

      O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

      O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
      C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-31 12:21:43
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...


      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-31 12:32:51
      ComboFix-quarantined-files.txt 2008-08-31 10:31:46
      ComboFix2.txt 2008-08-30 23:11:56

      Pre-Run: 8,191,373,312 octets libres
      Post-Run: 8,184,770,560 octets libres

      188 --- E O F --- 2008-08-14 12:03:16




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:37:57, on 31/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16705)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\oodag.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
      C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\User\Bureau\HJT.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Barre d'outils du menu Anti-fraude de Trend Micro - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
      O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: officejet 6100.lnk = ?
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      0
      1. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre > missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
         
        Quel antivirus pourrais-tu me conseiller stp
        merci!!!
        0
  21. missshih-tzu68 Messages postés 28 Date d'inscription   Statut Membre
     
    j'espère que maintenant ,le pc n'est plus infecté!
    oui effectivement j'aurais voulu savoir ce que tu pouvais me conseiller comme virus
    merci
    0
  • 1
  • 2