Infected by trojan downloader

Solved
mimoul Posts: 63 Status: Member
geoffrey5 Posts: 14008 Status: Security contributor
hi, my computer is infected with trojan downloader.Small.Buy and Trojan.Generic. How could I remove them?
Configuration: Windows Vista
Firefox 2.0.0.17

15 replies

  1. geoffrey5 Posts: 14008 Status: Security contributor
     
    Hi!!

    Post a HijackThis log so I can check your PC for infections please

    ▶ Download HijackThis from this address, everything is explained there for installing it properly and learning how to use it:

    https://www.androidworld.fr/

    How to copy/paste the log:

    When the log is on screen, press Ctrl+A to "select all" then Ctrl+C to "copy".

    then come back to the forum to reply to me and press Ctrl+V to "paste" the log.

    An explanation of the keyboard shortcuts is illustrated on my website at this address:

    https://www.androidworld.fr/
    1. mimoul Posts: 63 Status: Member
       
      I did as you told me and here is the log:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:08:41, on 28/09/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16711)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\hp\support\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
      C:\Windows\system32\schtasks.exe
      c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Windows\System32\mobsync.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\hp\kbd\kbd.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Spyware Doctor\pctsGui.exe
      C:\Users\pcs\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O1 - Hosts: ::1 localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [L07FXLRD_3199861] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
      O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
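Reading a HijackThis log by hand is what the reviewer in this thread does; as an added example (not HijackThis code, and not from either poster), here is a small Python triage script that parses the log format and lists the entries a reviewer looks at first: the O20 AppInit_DLLs line, entries whose target is "(no file)", and processes or autoruns living under a user profile. The sample input is a handful of lines excerpted from the log posted above. A flagged line means "review this", not "this is malware".

```python
"""Triage helper for HijackThis v2 logs (added example, not HijackThis code).

Parses the 'Running processes' block and the R/F/O entries, then lists the
items a reviewer usually checks first.  'Flagged' means 'look at this',
not 'this is malware'.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines excerpted from the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# Anything under a profile's AppData tree is writable without admin rights.
PROFILE_RE = re.compile(r"appdata\\", re.I)


@dataclass
class Entry:
    code: str   # section code, e.g. 'O4' or 'O20'
    body: str   # everything after 'Oxx - '
    raw: str    # the original line, for reporting


@dataclass
class Log:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


def parse_log(text):
    """Split a HijackThis log into running processes and R/F/O entries."""
    log = Log()
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # the process block ends at the blank line
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            log.entries.append(Entry(m["code"], m["body"], line))
        elif in_procs:
            log.processes.append(line)
    return log


def clsid_of(entry):
    """Return the {GUID} of an O2/O3/O9/O16 entry (for a CLSID lookup), or None."""
    m = CLSID_RE.search(entry.body)
    return m.group(0).upper() if m else None


def triage(log):
    """Return (category, line) pairs for the entries a reviewer checks first."""
    findings = []
    for e in log.entries:
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that loads
            # user32.dll, so this line is always worth a look.
            findings.append(("appinit_dll", e.raw))
        if e.body.endswith("(no file)"):
            # The registry still references a component whose file is gone.
            findings.append(("orphaned", e.raw))
        if e.code == "O4" and PROFILE_RE.search(e.body):
            findings.append(("autorun_in_profile", e.raw))
    for p in log.processes:
        if PROFILE_RE.search(p):
            findings.append(("process_in_profile", p))
    return findings


def summarize(text):
    """Count findings per category for a whole log."""
    counts = {}
    for cat, _ in triage(parse_log(text)):
        counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    for cat, line in triage(parse_log(SAMPLE_LOG)):
        print(f"{cat:20} {line}")
```

Run it on a full log pasted into `SAMPLE_LOG` (or read from a file) and the output is the short list to research first; `clsid_of` gives the GUID to look up for the toolbar and BHO entries, which is how a reviewer tells a known add-on from an unknown one.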
  2. geoffrey5 Posts: 14008 Status: Security contributor
     
    I don't see any infections in your log but do this anyway please:

    ▶ Download Malwarebytes

    ▶ Here is a tutorial for installing and using it properly:

    https://www.androidworld.fr/

    use the tutorial to correctly remove what it finds

    After the scan, restart the PC and post the log!!
    1. mimoul Posts: 63 Status: Member
       
      hi, I didn't need to download Malwarebytes because I already have it. But when I ran it the computer restarted on its own and I got a message saying there had been a problem. In fact this always happens, but I'm used to running Malwarebytes in safe mode. Thanks for your advice.
  3. geoffrey5 Posts: 14008 Status: Security contributor
     
    ok :s

    ▶ Download and save LopSD to the Desktop

    (It's number 4 at the bottom of the page)

    ▶ Double-click Lop S&D

    ▶ Run the installation

    ▶ Close all applications

    ▶ Launch it by double-clicking the shortcut on the desktop
    With VISTA => right-click and => Run as administrator

    ▶ Type F for French, then press Enter

    ▶ Type 1

    ▶ Press Enter

    ▶ The PC will restart
    Note: if the antivirus reports an infection in TEMP, ignore it

    ▶ Wait for the report to appear
    ▶ Copy the report and paste it into your reply
    the report can also be found at C:\lopR
    1. mimoul Posts: 63 Status: Member
       
      here is the report:


      --------------------\\ Lop S&D 4.2.4-4 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
      BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
      USER : pcs ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1229 [VPS 080927-0] 4.8.1229 (Activated)
      C:\ (Local Disk) - NTFS - Total : 455 Go Free : 357 Go
      D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
      E:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)

      "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
      Option : [1] ( 28/09/2008|14:39 )

      [ UAC => 1 ]

      --------------------\\ Listing des dossiers dans Local

      [23/04/2008|20:17] C:\Users\pcs\AppData\Local\Adobe
      [08/02/2008|14:01] C:\Users\pcs\AppData\Local\AOL
      [15/04/2008|09:28] C:\Users\pcs\AppData\Local\Apple
      [15/04/2008|09:29] C:\Users\pcs\AppData\Local\Apple Computer
      [07/02/2008|18:08] C:\Users\pcs\AppData\Local\Application Data
      [07/02/2008|18:11] C:\Users\pcs\AppData\Local\ATI
      [23/09/2008|13:52] C:\Users\pcs\AppData\Local\d3d9caps.dat
      [07/09/2008|14:46] C:\Users\pcs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [27/09/2008|17:49] C:\Users\pcs\AppData\Local\GDIPFONTCACHEV1.DAT
      [05/05/2008|11:40] C:\Users\pcs\AppData\Local\Google
      [07/02/2008|18:12] C:\Users\pcs\AppData\Local\Hewlett-Packard
      [07/02/2008|18:08] C:\Users\pcs\AppData\Local\Historique
      [28/09/2008|13:33] C:\Users\pcs\AppData\Local\IconCache.db
      [29/03/2008|12:23] C:\Users\pcs\AppData\Local\Microsoft
      [11/07/2008|20:19] C:\Users\pcs\AppData\Local\Microsoft Games
      [18/09/2008|22:42] C:\Users\pcs\AppData\Local\Microsoft Help
      [31/03/2008|19:08] C:\Users\pcs\AppData\Local\Mozilla
      [28/09/2008|12:37] C:\Users\pcs\AppData\Local\Opera
      [28/09/2008|14:38] C:\Users\pcs\AppData\Local\Temp
      [07/02/2008|18:08] C:\Users\pcs\AppData\Local\Temporary Internet Files
      [08/02/2008|18:30] C:\Users\pcs\AppData\Local\VirtualStore
      [27/03/2008|21:21] C:\Users\pcs\AppData\Local\Windows Live Writer

      --------------------\\ Tâches planifiées dans C:\Windows\tasks

      [28/09/2008 10:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B800AB31-B5E8-436B-A0E7-AE441ECCC9FF}.job
      [28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT
      [28/09/2008 13:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT

      --------------------\\ Listing des dossiers dans C:\ProgramData

      [23/04/2008|20:15] C:\ProgramData\Adobe
      [15/04/2008|09:28] C:\ProgramData\Apple
      [02/11/2006|15:02] C:\ProgramData\Application Data
      [27/02/2008|18:55] C:\ProgramData\Arcade Lab
      [13/12/2007|18:52] C:\ProgramData\ATI
      [13/06/2008|06:24] C:\ProgramData\BM2dc989b0.txt
      [15/06/2008|13:33] C:\ProgramData\BM2dc989b0.xml
      [07/02/2008|18:04] C:\ProgramData\Bureau
      [08/02/2008|15:37] C:\ProgramData\CyberLink
      [02/11/2006|15:02] C:\ProgramData\Desktop
      [02/11/2006|15:02] C:\ProgramData\Documents
      [07/02/2008|18:04] C:\ProgramData\Favoris
      [02/11/2006|15:02] C:\ProgramData\Favorites
      [25/09/2008|14:04] C:\ProgramData\GameHouse
      [27/09/2008|18:04] C:\ProgramData\Google Updater
      [07/02/2008|18:12] C:\ProgramData\Hewlett-Packard
      [13/12/2007|18:53] C:\ProgramData\HP
      [13/12/2007|18:53] C:\ProgramData\hpzinstall.log
      [10/02/2008|21:19] C:\ProgramData\InterAction studios
      [18/05/2008|12:43] C:\ProgramData\Kaspersky Lab
      [07/02/2008|18:22] C:\ProgramData\Kaspersky Lab Setup Files
      [15/06/2008|13:56] C:\ProgramData\Lavasoft
      [07/02/2008|18:13] C:\ProgramData\LuUninstall.LiveUpdate
      [15/06/2008|16:55] C:\ProgramData\Malwarebytes
      [07/02/2008|18:04] C:\ProgramData\Menu Démarrer
      [12/06/2008|16:08] C:\ProgramData\Microsoft
      [11/09/2008|13:04] C:\ProgramData\Microsoft Help
      [07/02/2008|18:04] C:\ProgramData\Modèles
      [13/12/2007|18:59] C:\ProgramData\muvee Technologies
      [12/02/2008|18:31] C:\ProgramData\PlayFirst
      [15/06/2008|13:05] C:\ProgramData\pskt.ini
      [17/06/2008|16:35] C:\ProgramData\Spybot - Search & Destroy
      [02/11/2006|15:02] C:\ProgramData\Start Menu
      [18/08/2008|16:44] C:\ProgramData\SweetIM
      [07/02/2008|18:18] C:\ProgramData\Symantec
      [28/09/2008|14:25] C:\ProgramData\TEMP
      [02/11/2006|15:02] C:\ProgramData\Templates
      [25/09/2008|14:04] C:\ProgramData\Trymedia
      [08/02/2008|18:18] C:\ProgramData\UDL
      [17/06/2008|16:46] C:\ProgramData\WildTangent
      [29/03/2008|11:40] C:\ProgramData\WLInstaller
      [01/04/2008|17:28] C:\ProgramData\Yahoo!
      [02/04/2008|15:57] C:\ProgramData\Yahoo! Companion

      --------------------\\ Listing des dossiers dans C:\Program Files

      [16/03/2008|14:26] C:\Program Files\.castanet
      [16/03/2008|14:25] C:\Program Files\3DSetup
      [25/03/2008|20:15] C:\Program Files\3ivx
      [27/09/2008|12:19] C:\Program Files\Adobe
      [30/04/2008|23:06] C:\Program Files\Alwil Software
      [25/03/2008|20:17] C:\Program Files\AngelPotion Video Codec V1
      [07/02/2008|18:08] C:\Program Files\AOL
      [15/05/2008|13:37] C:\Program Files\Apple Software Update
      [17/06/2008|17:46] C:\Program Files\a-squared Free
      [13/12/2007|18:48] C:\Program Files\ATI
      [13/12/2007|18:49] C:\Program Files\ATI Technologies
      [27/09/2008|17:35] C:\Program Files\Bandoo
      [16/06/2008|16:33] C:\Program Files\BitDefender
      [15/04/2008|09:28] C:\Program Files\Bonjour
      [28/09/2008|13:32] C:\Program Files\BoontyGames
      [27/09/2008|17:37] C:\Program Files\Common Files
      [22/02/2008|13:21] C:\Program Files\CONEXANT
      [10/06/2008|14:37] C:\Program Files\Core Design
      [27/09/2008|17:53] C:\Program Files\CyberLink
      [16/03/2008|14:25] C:\Program Files\data
      [27/03/2008|23:12] C:\Program Files\directx
      [27/09/2008|17:53] C:\Program Files\DivX
      [14/12/2007|02:41] C:\Program Files\EasyBits
      [08/02/2008|18:14] C:\Program Files\EPSON
      [07/02/2008|18:04] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
      [22/08/2008|16:01] C:\Program Files\Fizzy
      [18/06/2008|15:40] C:\Program Files\Franson
      [30/03/2008|16:03] C:\Program Files\Google
      [25/03/2008|20:16] C:\Program Files\GSpot
      [22/08/2008|16:09] C:\Program Files\Hawaiian Runner
      [13/12/2007|19:06] C:\Program Files\Hewlett-Packard
      [13/12/2007|19:01] C:\Program Files\HP
      [17/06/2008|16:50] C:\Program Files\HP Games
      [27/09/2008|17:54] C:\Program Files\InstallShield Installation Information
      [13/12/2007|18:48] C:\Program Files\Intel
      [19/08/2008|12:32] C:\Program Files\Internet Explorer
      [13/12/2007|19:01] C:\Program Files\Java
      [01/07/2008|18:34] C:\Program Files\KONAMI
      [01/05/2008|18:17] C:\Program Files\Learning Essentials
      [17/06/2008|14:59] C:\Program Files\Malwarebytes' Anti-Malware
      [25/03/2008|20:20] C:\Program Files\Matroska Pack
      [30/03/2008|16:35] C:\Program Files\MegauploadToolbar
      [01/05/2008|18:22] C:\Program Files\Microsoft Etudes
      [02/11/2006|14:37] C:\Program Files\Microsoft Games
      [07/02/2008|18:30] C:\Program Files\Microsoft Office
      [07/02/2008|18:30] C:\Program Files\Microsoft Visual Studio
      [07/02/2008|18:27] C:\Program Files\Microsoft Visual Studio 8
      [07/02/2008|18:30] C:\Program Files\Microsoft Works
      [07/02/2008|18:29] C:\Program Files\Microsoft.NET
      [16/03/2008|14:25] C:\Program Files\mmskin
      [14/12/2007|02:53] C:\Program Files\Movie Maker
      [25/09/2008|15:36] C:\Program Files\Mozilla Firefox
      [07/02/2008|18:30] C:\Program Files\MSBuild
      [02/11/2006|14:37] C:\Program Files\MSN
      [28/09/2008|13:06] C:\Program Files\MSN Games
      [17/06/2008|22:16] C:\Program Files\Namco
      [28/09/2008|13:33] C:\Program Files\Opera
      [27/04/2008|13:25] C:\Program Files\PC Camera
      [25/03/2008|20:18] C:\Program Files\Pinnacle
      [27/03/2008|18:51] C:\Program Files\PopCap Games
      [11/02/2008|20:58] C:\Program Files\Portrait Displays
      [22/06/2008|16:33] C:\Program Files\Real
      [02/11/2006|14:37] C:\Program Files\Reference Assemblies
      [15/04/2008|09:29] C:\Program Files\Safari
      [13/12/2007|19:10] C:\Program Files\Services en ligne
      [17/06/2008|17:46] C:\Program Files\Spybot - Search & Destroy
      [26/09/2008|17:07] C:\Program Files\Spyware Doctor
      [16/03/2008|14:26] C:\Program Files\Support
      [18/08/2008|16:44] C:\Program Files\SweetIM
      [17/06/2008|16:36] C:\Program Files\Telltale Games
      [16/03/2008|14:25] C:\Program Files\thrash
      [01/06/2008|13:27] C:\Program Files\Uniblue
      [02/11/2006|15:01] C:\Program Files\Uninstall Information
      [16/03/2008|14:25] C:\Program Files\user
      [14/12/2007|03:16] C:\Program Files\Windows Calendar
      [14/12/2007|02:53] C:\Program Files\Windows Collaboration
      [14/12/2007|03:00] C:\Program Files\Windows Defender
      [14/12/2007|02:53] C:\Program Files\Windows Journal
      [29/03/2008|12:09] C:\Program Files\Windows Live
      [19/08/2008|12:32] C:\Program Files\Windows Mail
      [25/03/2008|20:19] C:\Program Files\Windows Media Components
      [14/12/2007|03:23] C:\Program Files\Windows Media Player
      [07/02/2008|18:04] C:\Program Files\Windows NT
      [14/12/2007|02:53] C:\Program Files\Windows Photo Gallery
      [22/02/2008|20:14] C:\Program Files\Windows Sidebar
      [25/03/2008|20:18] C:\Program Files\XviD
      [01/04/2008|17:22] C:\Program Files\Yahoo!

      --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

      [23/04/2008|20:16] C:\Program Files\Common Files\Adobe
      [16/06/2008|15:44] C:\Program Files\Common Files\BitDefender
      [07/02/2008|18:30] C:\Program Files\Common Files\DESIGNER
      [13/12/2007|18:53] C:\Program Files\Common Files\HP
      [08/02/2008|18:21] C:\Program Files\Common Files\InstallShield
      [13/12/2007|19:01] C:\Program Files\Common Files\Java
      [13/12/2007|18:59] C:\Program Files\Common Files\LightScribe
      [13/12/2007|18:59] C:\Program Files\Common Files\LS Getting Started
      [23/08/2008|11:11] C:\Program Files\Common Files\microsoft shared
      [11/02/2008|20:59] C:\Program Files\Common Files\Portrait Displays
      [22/06/2008|16:34] C:\Program Files\Common Files\Real
      [02/11/2006|13:18] C:\Program Files\Common Files\Services
      [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
      [07/02/2008|18:37] C:\Program Files\Common Files\Symantec Shared
      [07/02/2008|18:27] C:\Program Files\Common Files\System
      [27/03/2008|19:28] C:\Program Files\Common Files\WindowsLiveInstaller
      [22/06/2008|16:34] C:\Program Files\Common Files\xing shared

      --------------------\\ Process

      ( 80 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      C:\Users\pcs\AppData\Local\Temp\nsrE87E.tmp
      C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@advertising[1].txt
      C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@adopt.euroclick[1].txt

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-09-28 14:39:28
      Windows 6.0.6000 NTFS
      detected NTDLL code modification:
      ZwClose
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:1266][D:60]-> C:\Users\pcs\AppData\Local\Temp
      [F:167][D:1]-> C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies
      [F:736][D:6]-> C:\Users\pcs\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
      [F:11][D:5]-> C:\$Recycle.Bin

      1 - "C:\Lop SD\LopR_1.txt" - 28/09/2008|14:41 - Option : [1]

      --------------------\\ Fin du rapport a 14:41:38
      [ UAC => 1 ]
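Lop S&D prints a timestamped directory listing rather than a verdict, so the useful step for a reviewer is to narrow that listing to what changed shortly before the scan. The Python script below is an added example, not Lop S&D's own code: it reads the report's run time from the "Option : [1] ( date|time )" line and every "[dd/mm/yyyy|hh:mm] path" line (plus the "[dd/mm/yyyy hh:mm][attrs] path" form used for scheduled tasks), then returns the entries stamped within a window before the scan, newest first. The sample input is a few lines excerpted from the report above. A recent stamp only says a location is worth a look; a legitimate install or update lands in the same window.

```python
"""Timeline triage over a Lop S&D report (added example, not Lop S&D code).

Lop S&D lists directories with their last-write stamp and records its own
run time, so a reviewer can narrow a long listing to the locations that
changed shortly before the scan.  Recent does not mean malicious: a Windows
update or a game install lands in the same window.
"""
import re
from datetime import datetime, timedelta

# '[27/09/2008|17:35] C:\Program Files\Bandoo' for directory listings, and
# '[28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT' for scheduled tasks.
STAMP_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4})[| ](\d{2}:\d{2})\](?:\[[^\]]*\])?\s+(.+)$"
)
# 'Option : [1] ( 28/09/2008|14:39 )' gives the time the report was produced.
RUN_RE = re.compile(r"^Option : \[\d\] \( (\d{2}/\d{2}/\d{4})\|(\d{2}:\d{2}) \)$")

# Constructed sample: lines excerpted from the report posted in the thread.
SAMPLE_REPORT = r"""
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Option : [1] ( 28/09/2008|14:39 )
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT
--------------------\\ Listing des dossiers dans C:\Program Files
[07/02/2008|18:08] C:\Program Files\AOL
[27/09/2008|17:35] C:\Program Files\Bandoo
[28/09/2008|13:32] C:\Program Files\BoontyGames
[25/09/2008|15:36] C:\Program Files\Mozilla Firefox
[26/09/2008|17:07] C:\Program Files\Spyware Doctor
[18/08/2008|16:44] C:\Program Files\SweetIM
"""


def parse_stamp(date_s, time_s):
    """Lop S&D writes day/month/year and a 24-hour clock."""
    return datetime.strptime(f"{date_s} {time_s}", "%d/%m/%Y %H:%M")


def parse_report(text):
    """Return (run_time, [(stamp, path), ...]) for every timestamped line."""
    run_time = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            run_time = parse_stamp(m.group(1), m.group(2))
            continue
        m = STAMP_RE.match(line)
        if m:
            entries.append((parse_stamp(m.group(1), m.group(2)), m.group(3)))
    if run_time is None:
        raise ValueError("report run time ('Option : [n] ( date|time )') not found")
    return run_time, entries


def recent_entries(text, days=3):
    """Entries stamped within `days` before the scan, newest first."""
    run_time, entries = parse_report(text)
    window_start = run_time - timedelta(days=days)
    return sorted(
        ((stamp, path) for stamp, path in entries if window_start <= stamp <= run_time),
        reverse=True,
    )


if __name__ == "__main__":
    for stamp, path in recent_entries(SAMPLE_REPORT, days=3):
        print(stamp.strftime("%d/%m/%Y %H:%M"), path)
```

With the full report pasted in, widening or narrowing `days` is the knob: a one-day window around the first symptoms usually leaves only a few directories and task files to inspect, and the scheduled-tasks lines are included because a task is as good a persistence point as an autorun.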
  4. geoffrey5 Posts: 14008 Status: Security contributor
     
    ok now:

    ▶ Run Lop S&D again

    ▶ This time choose option 2 (Removal)

    ▶ Don't close the window during the removal!

    ▶ Post the generated report (C:\lopR.txt)

    * (If the Desktop doesn't reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

    then:

    ▶ Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click disable and confirm.

    ▶ Download ComboFix by sUBs

    (it's number 5 at the bottom of the page)

    ▶ and save it to the Desktop.

    ▶ disable your protections and close all your applications (antivirus, firewall, real-time guard of the antispyware)

    Here is the official Bleeping Computer tutorial on how to use it:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    then send the log and do a new HijackThis log please
    1. mimoul Posts: 63 Status: Member
       
      here is the 1st report:


      --------------------\\ Lop S&D 4.2.4-4 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
      BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
      USER : pcs ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1229 [VPS 080927-0] 4.8.1229 (Activated)
      C:\ (Local Disk) - NTFS - Total : 455 Go Free : 357 Go
      D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
      E:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)

      "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
      Option : [2] ( 28/09/2008|14:52 )

      [ UAC => 1 ]


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

      Supprime! - C:\Users\pcs\AppData\Local\Temp\nsrE87E.tmp
      Supprime! - C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@advertising[1].txt
      Supprime! - C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@adopt.euroclick[1].txt
      -
      [ Fichier Hosts ] .. Restaure!

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      --------------------\\ Listing des dossiers dans Local

      [23/04/2008|20:17] C:\Users\pcs\AppData\Local\Adobe
      [08/02/2008|14:01] C:\Users\pcs\AppData\Local\AOL
      [15/04/2008|09:28] C:\Users\pcs\AppData\Local\Apple
      [15/04/2008|09:29] C:\Users\pcs\AppData\Local\Apple Computer
      [07/02/2008|18:08] C:\Users\pcs\AppData\Local\Application Data
      [07/02/2008|18:11] C:\Users\pcs\AppData\Local\ATI
      [23/09/2008|13:52] C:\Users\pcs\AppData\Local\d3d9caps.dat
      [07/09/2008|14:46] C:\Users\pcs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [27/09/2008|17:49] C:\Users\pcs\AppData\Local\GDIPFONTCACHEV1.DAT
      [05/05/2008|11:40] C:\Users\pcs\AppData\Local\Google
      [07/02/2008|18:12] C:\Users\pcs\AppData\Local\Hewlett-Packard
      [07/02/2008|18:08] C:\Users\pcs\AppData\Local\Historique
      [28/09/2008|13:33] C:\Users\pcs\AppData\Local\IconCache.db
      [29/03/2008|12:23] C:\Users\pcs\AppData\Local\Microsoft
      [11/07/2008|20:19] C:\Users\pcs\AppData\Local\Microsoft Games
      [18/09/2008|22:42] C:\Users\pcs\AppData\Local\Microsoft Help
      [31/03/2008|19:08] C:\Users\pcs\AppData\Local\Mozilla
      [28/09/2008|12:37] C:\Users\pcs\AppData\Local\Opera
      [28/09/2008|14:52] C:\Users\pcs\AppData\Local\Temp
      [07/02/2008|18:08] C:\Users\pcs\AppData\Local\Temporary Internet Files
      [08/02/2008|18:30] C:\Users\pcs\AppData\Local\VirtualStore
      [27/03/2008|21:21] C:\Users\pcs\AppData\Local\Windows Live Writer

      --------------------\\ Tâches planifiées dans C:\Windows\tasks

      [28/09/2008 10:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B800AB31-B5E8-436B-A0E7-AE441ECCC9FF}.job
      [28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT
      [28/09/2008 13:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT

      --------------------\\ Listing des dossiers dans C:\ProgramData

      [23/04/2008|20:15] C:\ProgramData\Adobe
      [15/04/2008|09:28] C:\ProgramData\Apple
      [02/11/2006|15:02] C:\ProgramData\Application Data
      [27/02/2008|18:55] C:\ProgramData\Arcade Lab
      [13/12/2007|18:52] C:\ProgramData\ATI
      [13/06/2008|06:24] C:\ProgramData\BM2dc989b0.txt
      [15/06/2008|13:33] C:\ProgramData\BM2dc989b0.xml
      [07/02/2008|18:04] C:\ProgramData\Bureau
      [08/02/2008|15:37] C:\ProgramData\CyberLink
      [02/11/2006|15:02] C:\ProgramData\Desktop
      [02/11/2006|15:02] C:\ProgramData\Documents
      [07/02/2008|18:04] C:\ProgramData\Favoris
      [02/11/2006|15:02] C:\ProgramData\Favorites
      [25/09/2008|14:04] C:\ProgramData\GameHouse
      [27/09/2008|18:04] C:\ProgramData\Google Updater
      [07/02/2008|18:12] C:\ProgramData\Hewlett-Packard
      [13/12/2007|18:53] C:\ProgramData\HP
      [13/12/2007|18:53] C:\ProgramData\hpzinstall.log
      [10/02/2008|21:19] C:\ProgramData\InterAction studios
      [18/05/2008|12:43] C:\ProgramData\Kaspersky Lab
      [07/02/2008|18:22] C:\ProgramData\Kaspersky Lab Setup Files
      [15/06/2008|13:56] C:\ProgramData\Lavasoft
      [07/02/2008|18:13] C:\ProgramData\LuUninstall.LiveUpdate
      [15/06/2008|16:55] C:\ProgramData\Malwarebytes
      [07/02/2008|18:04] C:\ProgramData\Menu D‚marrer
      [12/06/2008|16:08] C:\ProgramData\Microsoft
      [11/09/2008|13:04] C:\ProgramData\Microsoft Help
      [07/02/2008|18:04] C:\ProgramData\ModŠles
      [13/12/2007|18:59] C:\ProgramData\muvee Technologies
      [12/02/2008|18:31] C:\ProgramData\PlayFirst
      [15/06/2008|13:05] C:\ProgramData\pskt.ini
      [17/06/2008|16:35] C:\ProgramData\Spybot - Search & Destroy
      [02/11/2006|15:02] C:\ProgramData\Start Menu
      [18/08/2008|16:44] C:\ProgramData\SweetIM
      [07/02/2008|18:18] C:\ProgramData\Symantec
      [28/09/2008|14:25] C:\ProgramData\TEMP
      [02/11/2006|15:02] C:\ProgramData\Templates
      [25/09/2008|14:04] C:\ProgramData\Trymedia
      [08/02/2008|18:18] C:\ProgramData\UDL
      [17/06/2008|16:46] C:\ProgramData\WildTangent
      [29/03/2008|11:40] C:\ProgramData\WLInstaller
      [01/04/2008|17:28] C:\ProgramData\Yahoo!
      [02/04/2008|15:57] C:\ProgramData\Yahoo! Companion

      --------------------\\ Listing des dossiers dans C:\Program Files

      [16/03/2008|14:26] C:\Program Files\.castanet
      [16/03/2008|14:25] C:\Program Files\3DSetup
      [25/03/2008|20:15] C:\Program Files\3ivx
      [27/09/2008|12:19] C:\Program Files\Adobe
      [30/04/2008|23:06] C:\Program Files\Alwil Software
      [25/03/2008|20:17] C:\Program Files\AngelPotion Video Codec V1
      [07/02/2008|18:08] C:\Program Files\AOL
      [15/05/2008|13:37] C:\Program Files\Apple Software Update
      [17/06/2008|17:46] C:\Program Files\a-squared Free
      [13/12/2007|18:48] C:\Program Files\ATI
      [13/12/2007|18:49] C:\Program Files\ATI Technologies
      [27/09/2008|17:35] C:\Program Files\Bandoo
      [16/06/2008|16:33] C:\Program Files\BitDefender
      [15/04/2008|09:28] C:\Program Files\Bonjour
      [28/09/2008|13:32] C:\Program Files\BoontyGames
      [27/09/2008|17:37] C:\Program Files\Common Files
      [22/02/2008|13:21] C:\Program Files\CONEXANT
      [10/06/2008|14:37] C:\Program Files\Core Design
      [27/09/2008|17:53] C:\Program Files\CyberLink
      [16/03/2008|14:25] C:\Program Files\data
      [27/03/2008|23:12] C:\Program Files\directx
      [27/09/2008|17:53] C:\Program Files\DivX
      [14/12/2007|02:41] C:\Program Files\EasyBits
      [08/02/2008|18:14] C:\Program Files\EPSON
      [07/02/2008|18:04] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
      [22/08/2008|16:01] C:\Program Files\Fizzy
      [18/06/2008|15:40] C:\Program Files\Franson
      [30/03/2008|16:03] C:\Program Files\Google
      [25/03/2008|20:16] C:\Program Files\GSpot
      [22/08/2008|16:09] C:\Program Files\Hawaiian Runner
      [13/12/2007|19:06] C:\Program Files\Hewlett-Packard
      [13/12/2007|19:01] C:\Program Files\HP
      [17/06/2008|16:50] C:\Program Files\HP Games
      [27/09/2008|17:54] C:\Program Files\InstallShield Installation Information
      [13/12/2007|18:48] C:\Program Files\Intel
      [19/08/2008|12:32] C:\Program Files\Internet Explorer
      [13/12/2007|19:01] C:\Program Files\Java
      [01/07/2008|18:34] C:\Program Files\KONAMI
      [01/05/2008|18:17] C:\Program Files\Learning Essentials
      [17/06/2008|14:59] C:\Program Files\Malwarebytes' Anti-Malware
      [25/03/2008|20:20] C:\Program Files\Matroska Pack
      [30/03/2008|16:35] C:\Program Files\MegauploadToolbar
      [01/05/2008|18:22] C:\Program Files\Microsoft Etudes
      [02/11/2006|14:37] C:\Program Files\Microsoft Games
      [07/02/2008|18:30] C:\Program Files\Microsoft Office
      [07/02/2008|18:30] C:\Program Files\Microsoft Visual Studio
      [07/02/2008|18:27] C:\Program Files\Microsoft Visual Studio 8
      [07/02/2008|18:30] C:\Program Files\Microsoft Works
      [07/02/2008|18:29] C:\Program Files\Microsoft.NET
      [16/03/2008|14:25] C:\Program Files\mmskin
      [14/12/2007|02:53] C:\Program Files\Movie Maker
      [25/09/2008|15:36] C:\Program Files\Mozilla Firefox
      [07/02/2008|18:30] C:\Program Files\MSBuild
      [02/11/2006|14:37] C:\Program Files\MSN
      [28/09/2008|13:06] C:\Program Files\MSN Games
      [17/06/2008|22:16] C:\Program Files\Namco
      [28/09/2008|13:33] C:\Program Files\Opera
      [27/04/2008|13:25] C:\Program Files\PC Camera
      [25/03/2008|20:18] C:\Program Files\Pinnacle
      [27/03/2008|18:51] C:\Program Files\PopCap Games
      [11/02/2008|20:58] C:\Program Files\Portrait Displays
      [22/06/2008|16:33] C:\Program Files\Real
      [02/11/2006|14:37] C:\Program Files\Reference Assemblies
      [15/04/2008|09:29] C:\Program Files\Safari
      [13/12/2007|19:10] C:\Program Files\Services en ligne
      [17/06/2008|17:46] C:\Program Files\Spybot - Search & Destroy
      [26/09/2008|17:07] C:\Program Files\Spyware Doctor
      [16/03/2008|14:26] C:\Program Files\Support
      [18/08/2008|16:44] C:\Program Files\SweetIM
      [17/06/2008|16:36] C:\Program Files\Telltale Games
      [16/03/2008|14:25] C:\Program Files\thrash
      [01/06/2008|13:27] C:\Program Files\Uniblue
      [02/11/2006|15:01] C:\Program Files\Uninstall Information
      [16/03/2008|14:25] C:\Program Files\user
      [14/12/2007|03:16] C:\Program Files\Windows Calendar
      [14/12/2007|02:53] C:\Program Files\Windows Collaboration
      [14/12/2007|03:00] C:\Program Files\Windows Defender
      [14/12/2007|02:53] C:\Program Files\Windows Journal
      [29/03/2008|12:09] C:\Program Files\Windows Live
      [19/08/2008|12:32] C:\Program Files\Windows Mail
      [25/03/2008|20:19] C:\Program Files\Windows Media Components
      [14/12/2007|03:23] C:\Program Files\Windows Media Player
      [07/02/2008|18:04] C:\Program Files\Windows NT
      [14/12/2007|02:53] C:\Program Files\Windows Photo Gallery
      [22/02/2008|20:14] C:\Program Files\Windows Sidebar
      [25/03/2008|20:18] C:\Program Files\XviD
      [01/04/2008|17:22] C:\Program Files\Yahoo!

      --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

      [23/04/2008|20:16] C:\Program Files\Common Files\Adobe
      [16/06/2008|15:44] C:\Program Files\Common Files\BitDefender
      [07/02/2008|18:30] C:\Program Files\Common Files\DESIGNER
      [13/12/2007|18:53] C:\Program Files\Common Files\HP
      [08/02/2008|18:21] C:\Program Files\Common Files\InstallShield
      [13/12/2007|19:01] C:\Program Files\Common Files\Java
      [13/12/2007|18:59] C:\Program Files\Common Files\LightScribe
      [13/12/2007|18:59] C:\Program Files\Common Files\LS Getting Started
      [23/08/2008|11:11] C:\Program Files\Common Files\microsoft shared
      [11/02/2008|20:59] C:\Program Files\Common Files\Portrait Displays
      [22/06/2008|16:34] C:\Program Files\Common Files\Real
      [02/11/2006|13:18] C:\Program Files\Common Files\Services
      [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
      [07/02/2008|18:37] C:\Program Files\Common Files\Symantec Shared
      [07/02/2008|18:27] C:\Program Files\Common Files\System
      [27/03/2008|19:28] C:\Program Files\Common Files\WindowsLiveInstaller
      [22/06/2008|16:34] C:\Program Files\Common Files\xing shared

      --------------------\\ Process

      ( 79 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-09-28 14:53:15
      Windows 5.1.2600 Service Pack 2 NTFS
      detected NTDLL code modification:
      ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
      scanning hidden processes ...
      scanning hidden files ...
      C:\Users\pcs\AppData\Local\Temp\~DF12E0.tmp
      C:\Users\pcs\AppData\Local\Temp\~DF12EA.tmp
      scan completed successfully
      hidden processes: 0
      hidden files: 2

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:1255][D:60]-> C:\Users\pcs\AppData\Local\Temp
      [F:165][D:1]-> C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies
      [F:736][D:6]-> C:\Users\pcs\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
      [F:11][D:5]-> C:\$Recycle.Bin

      1 - "C:\Lop SD\LopR_1.txt" - 28/09/2008|14:41 - Option : [1]
      2 - "C:\Lop SD\LopR_2.txt" - 28/09/2008|14:55 - Option : [2]

      --------------------\\ Fin du rapport a 14:55:33
      [ UAC => 1 ]


      And here is the HijackThis report:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:04:50, on 28/09/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16711)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\hp\support\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
      c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Windows\system32\schtasks.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\hp\kbd\kbd.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Users\pcs\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [L07FXLRD_3199861] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
      O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      -1
  6. geoffrey5 Posts 14008 Status Security contributor 10
     
    OK, now run ComboFix please
    -1
    1. mimoul Posts 63 Status Member 1
       
      I've posted the ComboFix report; please come back to the discussion to take a look.
      -1
  7. mimoul Posts 63 Status Member 1
     
    Here is the ComboFix report:

    ComboFix 08-09-27.03 - pcs 2008-09-28 15:10:57.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1256 [GMT 2:00]
    Lancé depuis: C:\Users\pcs\Desktop\1234.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Windows\system32\jusched.exe
    C:\Windows\system32\MSINET.oca

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://ftp.hp.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-28 14:38 . 2008-09-28 14:55 <REP> d-------- C:\Lop SD
    2008-09-28 13:32 . 2008-09-28 13:32 <REP> d-------- C:\Program Files\BoontyGames
    2008-09-28 13:28 . 2008-09-28 13:28 <REP> d-------- C:\Boonty
    2008-09-28 13:06 . 2008-09-28 13:06 <REP> d-------- C:\Program Files\MSN Games
    2008-09-28 13:06 . 2008-09-28 13:06 192,512 --a------ C:\Windows\off-road-uninst.exe
    2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\Users\All Users\Trymedia
    2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\Users\All Users\GameHouse
    2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\ProgramData\Trymedia
    2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\ProgramData\GameHouse
    2008-09-10 12:24 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-10 12:24 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-09-10 12:24 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-09-10 12:21 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-28 13:01 --------- d---a-w C:\ProgramData\TEMP
    2008-09-28 11:37 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-09-28 11:33 --------- d-----w C:\Program Files\Opera
    2008-09-27 16:04 --------- d-----w C:\ProgramData\Google Updater
    2008-09-27 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-27 15:53 --------- d-----w C:\Program Files\DivX
    2008-09-27 15:53 --------- d-----w C:\Program Files\CyberLink
    2008-09-27 15:41 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-09-27 15:35 --------- d-----w C:\Program Files\Bandoo
    2008-09-26 15:07 --------- d-----w C:\Program Files\Spyware Doctor
    2008-09-11 11:04 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-22 14:09 --------- d-----w C:\Users\pcs\AppData\Roaming\fizzy
    2008-08-22 14:09 --------- d-----w C:\Program Files\Hawaiian Runner
    2008-08-22 14:01 --------- d-----w C:\Program Files\Fizzy
    2008-08-19 10:32 --------- d-----w C:\Program Files\Windows Mail
    2008-08-18 14:44 --------- d-----w C:\ProgramData\SweetIM
    2008-08-18 14:44 --------- d-----w C:\Program Files\SweetIM
    2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-13 14:11 174 --sha-w C:\Program Files\desktop.ini
    2008-03-25 18:18 1,298 ----a-w C:\Program Files\INSTALL.LOG
    2002-04-20 14:36 41,709 ----a-w C:\Program Files\RegSetup.exe
    2002-04-20 14:28 313 ----a-w C:\Program Files\2002 FIFA World Cup TM.lnk
    2002-04-20 12:44 2,490,368 ------w C:\Program Files\fifawc.exe
    2002-03-04 17:40 3,536 ----a-w C:\Program Files\fifawc.lib
    2002-03-04 17:40 1,860 ----a-w C:\Program Files\fifawc.exp
    2002-02-20 17:12 16,565 ------w C:\Program Files\ReadMe.txt
    2002-02-13 12:11 28,672 ----a-w C:\Program Files\FIFA02R_sv.dll
    2002-02-13 12:11 28,672 ----a-w C:\Program Files\FIFA02R_pt.dll
    2002-02-13 12:11 28,672 ----a-w C:\Program Files\FIFA02R_ko.dll
    2002-02-12 00:26 7,410 ----a-w C:\Program Files\test.map
    2002-02-12 00:26 7,410 ----a-w C:\Program Files\scenario.bin
    2002-02-12 00:26 113 ----a-w C:\Program Files\soccer.ini
    1998-02-10 17:34 128,000 ----a-w C:\Program Files\UNWISE.EXE
    2008-04-24 10:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-04-24 10:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-04-24 10:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-02-08 17:48 56 --sh--r C:\Windows\System32\FFEA7521F2.sys
    2008-03-25 18:16 848 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-07-06 173368]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-07-06 12:44 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-22 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 68856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 280064]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 185896]
    "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]

    C:\Users\pcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de notification Live Search.lnk - C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-04-19 152616]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-30 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "vidc.3IV2"= 3ivxVfWCodec.dll
    "VIDC.AP41"= APmpg4v1.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-349797978-2833223424-2454343011-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C89CAF95-4D5B-4004-8715-A9F7085CF6C6}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{412CE1B8-E0C2-4255-8734-1D4C9FE2E473}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{C517D3F9-6348-4D10-8A27-30823D06F106}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{1FB9F1C6-FDED-4850-926E-A9A1E16C824E}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{A049DD61-4720-458B-9813-3E8D5E20DD71}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F6F9C344-56A8-475B-B2FC-71CAD6950188}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{65D09C4B-6BAC-4559-97F4-9F52875FF77B}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{0A44E29F-DBA5-458D-B418-8BD80A6CE8A3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{A5204EBD-0224-4522-A3FB-009C3ECCEDD8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{F12BF83E-B865-4D5A-ACAA-1EAC00F75DD3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{617120EF-3D4F-4C19-94A8-8DF38ED232B1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FA61B8B-7BA8-49DB-B95E-DF7BB2821C2B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{37FDE4BF-AD75-4FD1-A9C2-CC02A3BB2F76}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{DFEE5C9A-A16C-470D-B86E-3909F3BD804A}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{83743841-3163-4CAE-B840-63B751E220CC}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 3151872]
    R3 CAM1210;SM0121 USB 2.0 Video Camera;C:\Windows\system32\Drivers\cam1210.sys [2006-07-24 89856]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-11 34296]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04237b94-e95b-11dc-9a90-001e8c40a85a}]
    \shell\AutoRun\command - wscript.exe .\.vbs
    \shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada988b6-160b-11dd-a690-001e8c40a85a}]
    \shell\AutoRun\command - J:\jfvkcsy.bat
    \shell\explore\Command - J:\jfvkcsy.bat
    \shell\open\Command - J:\jfvkcsy.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3554876-8657-11dd-877a-001e8c40a85a}]
    \shell\AutoRun\command - wscript.exe .\.vbs
    \shell\open\command - wscript.exe .\.vbs

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-HPAdvisor - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    HKCU-Run-Yahoo! Pager - ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    HKCU-Run-L07FXLRD_3199861 - C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Users\pcs\AppData\Roaming\Mozilla\Firefox\Profiles\nrugnph4.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 15:13:29
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-09-28 15:15:08
    ComboFix-quarantined-files.txt 2008-09-28 13:14:44

    Avant-CF: 383 468 036 096 octets libres
    Après-CF: 385,534,935,040 octets libres

    219 --- E O F --- 2008-09-26 14:58:12
    -1
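The ComboFix log above contains the entries a helper reads first: MountPoints2 shell handlers that point a drive's AutoRun/open/explore verbs at a .vbs or .bat, an AppInit_DLLs value, Security Center monitoring switched off, and EnableLUA=0. As an added example that is not part of this thread, the following Python triage script walks such registry sections and flags those patterns; the embedded sample is an excerpt constructed from the log quoted above, not output from a live system.

```python
"""Triage of ComboFix registry sections for persistence and self-defence tampering.

Each log line is interpreted in the context of the [key] heading above it, so a
value such as DisableMonitoring is only flagged under the key where it matters.
"""
import re
from dataclasses import dataclass
from typing import List

SCRIPT_HOSTS = ("wscript", "cscript")
SCRIPT_EXTS = (".vbs", ".vbe", ".bat", ".cmd", ".js", ".jse")

# Constructed excerpt, copied from the ComboFix log quoted in the thread above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04237b94-e95b-11dc-9a90-001e8c40a85a}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada988b6-160b-11dd-a690-001e8c40a85a}]
\shell\AutoRun\command - J:\jfvkcsy.bat
\shell\explore\Command - J:\jfvkcsy.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
"""


@dataclass(frozen=True)
class Finding:
    key: str      # registry key heading the line was found under
    line: str     # the raw log line
    reason: str   # why a defender would care


def _is_script_target(command: str) -> bool:
    """True when a shell handler runs a script host or a script file directly."""
    cmd = command.strip().lower()
    return cmd.startswith(SCRIPT_HOSTS) or cmd.endswith(SCRIPT_EXTS)


MOUNTPOINT_RE = re.compile(r"\\shell\\(\w+)\\command\s*-\s*(.+)$", re.IGNORECASE)
ENABLELUA_RE = re.compile(r'"enablelua"\s*=\s*0\b', re.IGNORECASE)
DISABLEMON_RE = re.compile(r'"disablemonitoring"\s*=\s*dword:0*1$', re.IGNORECASE)
APPINIT_RE = re.compile(r'"appinit_dlls"\s*=\s*(\S.*)$', re.IGNORECASE)


def analyze(log_text: str) -> List[Finding]:
    """Walk the log once, remembering the current [key] heading, and collect findings."""
    findings: List[Finding] = []
    heading, lk = "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            heading = line[1:-1]
            lk = heading.lower()
            continue
        if "\\explorer\\mountpoints2\\" in lk:
            # Per-volume shell verbs: AutoRun/open/explore on a drive letter redirected to a payload
            m = MOUNTPOINT_RE.match(line)
            if m:
                verb, target = m.group(1), m.group(2)
                kind = "script" if _is_script_target(target) else "program"
                findings.append(Finding(heading, line,
                                        f"removable-drive '{verb}' handler runs a {kind}: {target}"))
        elif lk.endswith("\\policies\\system") and ENABLELUA_RE.match(line):
            findings.append(Finding(heading, line, "UAC disabled (EnableLUA=0)"))
        elif "\\security center\\monitoring" in lk and DISABLEMON_RE.match(line):
            findings.append(Finding(heading, line, "Security Center monitoring disabled"))
        elif lk.endswith("\\windows nt\\currentversion\\windows"):
            m = APPINIT_RE.match(line)
            if m:
                findings.append(Finding(heading, line,
                                        f"AppInit_DLLs loads {m.group(1)} into every process that loads user32.dll"))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, one finding per line."""
    return "\n".join(f"[{f.reason}] {f.line}" for f in analyze(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Ordinary Run entries such as hpsysdrv or SweetIM are deliberately left alone; the script only surfaces the self-defence and autorun tampering that a helper would act on first.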
  8. geoffrey5 Posts 14008 Status Security contributor 10
     
    ok now...

    ▶ Copy the bold text below:

    File::
    c:\windows\system32\jusched.exe

    Folder::

    Registry::


    ▶ Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    ▶ Save this file under the name CFScript.txt.

    ▶ Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    ▶ This will relaunch Combofix,

    ▶ A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

    ▶ Wait while the scan runs. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan is finished.

    After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.

    ▶ If there is no restart, post the reports anyway.
    -1
    1. mimoul Posts 63 Status Member 1
       
      I couldn't drag the file onto combofix.exe
      -1
  9. geoffrey5 Posts 14008 Status Security contributor 10
     
    why couldn't you??
    -1
    1. mimoul Posts 63 Status Member 1
       
      I did as you said but nothing shows up
      -1
  10. geoffrey5 Posts 14008 Status Security contributor 10
     
    That means the CFScript file was created incorrectly... delete the one you created and start over please
    -1
    1. mimoul Posts 63 Status Member 1
       
      combofix won't open anymore this time
      -1
  11. geoffrey5 Posts 14008 Status Security contributor 10
     
    ▶ Download OTMoveIt (by Old_Timer) to your Desktop

    (it's number 7 at the bottom of the page)

    ▶ Double-click OTMoveIt.exe to launch it.
    ▶ Make sure the box Unregister Dll's and Ocx's is checked.
    ▶ Copy the list shown in bold in the quote below and paste it into the left pane of OTMoveIt under Paste List of Files/Folders to move.

    c:\windows\system32\jusched.exe

    ▶ Click MoveIt! to start the removal.
    ▶ The result will appear in the "Results" pane.
    ▶ Click Exit to close.
    ▶ Post the report located in C:\_OTMoveIt\MovedFiles.

    ▶ You may be asked to restart the pc to complete the removal. If so, accept with Yes.

    then restart the pc and do a new hijackthis report please
    -1
    1. mimoul Posts 63 Status Member 1
       
      here is the result:

      File/Folder c:\windows\system32\jusched.exe not found.

      OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_155602
      -1
    2. mimoul Posts 63 Status Member 1
       
      and here is the new hijackthis report:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:00:50, on 28/09/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16711)
      Boot mode: Normal

      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\hp\support\hpsysdrv.exe
      C:\hp\KBD\KbdStub.exe
      C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\system32\schtasks.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
      c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Windows\System32\mobsync.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Users\pcs\Desktop\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [L07FXLRD_5627938] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
      O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      -1
  12. geoffrey5 Posts 14008 Status Security contributor 10
     
    ok...restart the pc and do a new hijackthis report please
    -1
  13. geoffrey5 Posts 14008 Status Security contributor 10
     
    relaunch hijackthis by clicking scan only and check these lines please:

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    then click fix checked.

    also go and download SP1 for vista:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&displaylang=fr

    also go and uninstall sweetIM and spyware doctor, which are strongly discouraged.

    then:

    ▶ Download JavaRa.zip

    ▶ Unzip the file to your desktop (right-click > Extract all.)

    ▶ Double-click the resulting JavaRa folder.

    ▶ Then double-click the JavaRa.exe file (the .exe may not be displayed)

    ▶ Click Search For Updates.

    ▶ Select Update Using jucheck.exe then click Search.

    ▶ Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.

    ▶ When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.

    ▶ Click Yes to confirm. The tool will do its work; then click Ok, then Ok a second time.

    ▶ A report will open; copy and paste it into your next reply.

    * Note: the report can also be found here: ( C:\JavaRa.log )

    Close the application and tell me if you still have problems

    I'll come back later to check your replies because I have to leave ;-)

    See you later
    -1
    1. mimoul Posts 63 Status Member 1
       
      here is the result:

      JavaRa 1.11 Removal Log.

      Report follows after line.

      ------------------------------------

      The JavaRa removal process was started on Sun Sep 28 16:28:05 2008

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

      Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

      Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

      Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

      Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

      Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

      Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
      Found and removed: Software\JavaSoft\Java2D\1.6.0_01
      Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

      ------------------------------------

      Finished reporting.
      -1
  14. geoffrey5 Posts 14008 Status Security contributor 10
     
    Do you still have any problems?
    -1
    1. mimoul Posts 63 Status Member 1
       
      No, thank you for everything you have done for me, but how can I tell that my PC is completely disinfected?
      (Before, I found out by using Spyware Doctor, but I uninstalled it as you told me to.)
      -1
    2. mimoul Posts 63 Status Member 1
       
      Actually I am running a scan with avast right now, but I don't really trust it.
      -1
  15. geoffrey5 Posts 14008 Status Security contributor 10
     
    Go and run an online scan with bitdefender anyway, at this address (under Internet Explorer):

    http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php

    then:

    Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click disable and confirm.

    To remove all traces of the tools that were used to treat the specific infections:

    ▶ Download ToolsCleaner to your Desktop:

    (it is number 15 at the bottom of the page)

    ▶ Double-click ToolsCleaner2.exe and let it work
    ▶ Click Recherche (Search) and let the scan finish.
    ▶ Click Suppression (Delete) to finalize.
    ▶ You can, if you wish, use the optional Options.
    ▶ Click Quitter (Quit) so that the report can be created.
    ▶ The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply

    and then go and re-enable User Account Control and create a restore point!! IMPORTANT
    -1
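The UAC and restore-point steps in the post above, as an added example that is not part of the thread and not something geoffrey5 or the tool authors supplied. It does from an elevated PowerShell prompt what the post does through Control Panel: it records the current UAC setting, disables it only for the cleanup run, then re-enables it and creates a restore point of the clean state. It assumes Windows Vista or later with PowerShell 2.0 (the `Checkpoint-Computer` and `Get-ComputerRestorePoint` cmdlets); the function names and the restore-point description are my own choices. The `EnableLUA` value only takes effect after a reboot, which is why the two phases are separate functions rather than one straight-line script.

```powershell
# Added example, not from the forum thread. Run from an elevated (Run as
# administrator) PowerShell prompt. Assumes PowerShell 2.0+ on Vista or later.
# Function names and the restore point description are assumptions, not tool output.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    # EnableLUA = 1 means UAC is on, 0 means off. A change to this value is
    # only applied after the next reboot, so reading it back immediately after
    # Set-ItemProperty tells you what will happen, not what is in effect now.
    (Get-ItemProperty -Path $UacKey -Name EnableLUA).EnableLUA
}

function Set-UacState([int]$Enabled) {
    if ($Enabled -ne 0 -and $Enabled -ne 1) { throw 'Enabled must be 0 or 1' }
    Set-ItemProperty -Path $UacKey -Name EnableLUA -Value $Enabled -Type DWord
    Write-Host "EnableLUA set to $Enabled (takes effect after a reboot)."
}

# Phase 1: before running ToolsCleaner. Disables UAC for the cleanup run.
function Start-CleanupPhase {
    $before = Get-UacState
    Write-Host "UAC before cleanup: EnableLUA=$before"
    Set-UacState 0
    Write-Host 'Reboot, run ToolsCleaner2.exe, read C:\TCleaner.txt, then run Complete-CleanupPhase.'
}

# Phase 2: after ToolsCleaner has run. Re-enables UAC, snapshots the clean
# state as a restore point, and verifies both before declaring success.
function Complete-CleanupPhase {
    Set-UacState 1
    if ((Get-UacState) -ne 1) { throw 'UAC is still disabled; refusing to continue.' }

    $description = 'Post-disinfection clean state'   # assumed label, pick your own
    Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

    # Confirm the restore point was actually recorded (System Restore can be off).
    $latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
    if ($latest -eq $null -or $latest.Description -ne $description) {
        throw 'No restore point with the expected description was created; check that System Restore is enabled for C:.'
    }
    Write-Host "Restore point #$($latest.SequenceNumber) created: $($latest.Description)"
    Write-Host 'Reboot once more so UAC is active again.'
}

# Usage: Start-CleanupPhase, reboot and run the cleanup tool, then Complete-CleanupPhase.
```

The verification at the end of phase 2 is the part the Control Panel route does not give you: `Get-ComputerRestorePoint` confirms the snapshot exists, and the `EnableLUA` check fails loudly if the re-enable step was skipped. Note that a restore point created with UAC still disabled would capture that setting too, so the order (re-enable first, then checkpoint) matters.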