Trojan:Win32/Vundo.gen!P

Solved
Darkstayer (Member)
Hello,
I have just detected this trojan with Windows Defender! It turns out that on FrostWire I have 26507 shared files, even though I have only downloaded about ten music tracks. How do I get rid of this virus? Can you help me please???
Configuration: Windows XP 2002 SP2
Internet Explorer 7.0

25 replies

Discussion summary

A Windows Defender detection reports a trojan linked to FrostWire, with 26507 shared files despite only a dozen recent music downloads. Several participants recommend full scans in Safe Mode and the use of dedicated tools such as Malwarebytes, Avira and HijackThis, followed by cleanup of startup items and registry entries. Additional advice covers CCleaner, SpywareBlaster and security measures, while noting that some results vary and that a re-evaluation may be needed after cleanup. If the problem persists, it is recommended to check each tool's reports and repeat the scans with complementary tools to confirm complete removal and avoid leftovers.

Generated automatically by AI based on the best answers
  1. totobetourne (Member)
     
    Start with this. Even if the adverts disappear, that does not mean the infection has been removed.

    Download Malwarebytes Anti-Malware:

    Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
    Do as indicated: update, full scan in Safe Mode, and post the reports.

    Keep it and run a scan every month as indicated.

    If you have Ad-Aware you can uninstall it, as it no longer recognises much.
    1. Darstalyer
       
      Thanks totobetourne! It's true that the infection is severe. What's more, Windows Defender no longer detects the trojan (once eliminated) that is still present. I'll see whether I have too much trouble with this software.
    2. Darkstayer (Member)
       
      Thanks totobetourne! My scan has just finished; from now on I have 17 shared files! This technique is magic! Thank you for your help. I don't know whether the trojan has been permanently eliminated, but it has been neutralised & Windows updates are working again. Thanks a thousand times!!!!!!
  2. g!rly (Contributor)
     
    Hi to you both :)

    dark:

    If you haven't installed anything yet...

    Download and install the antivirus Antivir Personal Edition Classic:

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    Settings:

    In pictures:

    http://speedweb1.free.fr/frames2.php?page=tuto5

    My explanations:

    Once Antivir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab, in the lower window, you will see: rootkit search. Click the little + to expand it and tick the box next to your hard disk.
    Those who don't see rootkit search: click on the umbrella in your taskbar > in the Antivir window click Local protection, then click Scanner.
    In the right-hand window: you have rootkit search towards the bottom > expand it by pressing the little +
    and tick your drives...
    Then click Configuration at the top right; in the new window, on the left > Scanner > tick "scan all files" and below > scanner priority = High.
    Tick: allow stopping the scanner, so that you can pause during the scan if you wish.
    Then on the right tick the following boxes:
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search for rootkit before scan
    Untick:
    ignore off line files
    Still on the left > scan > expand > heuristics > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level

    I'm telling you all this because I'd like you to run a full scan of your machine with Antivir using the settings set out above, and post the generated report here please.

    PS: run the scan in Safe Mode:

    How to restart in Safe Mode?

    Restart the PC and tap the F8 key from the very start of power-on, without stopping.
    A window with a black background will open; move with the keyboard arrows to Safe Mode and press Enter.
    Once on the desktop, if not all the colours and so on are there, that's normal!
    PS: if F8 doesn't work, use the F5 key.

    @+
    1. Darkstayer (Member)
       
      Hello g!rly:

      Following your instructions step by step, in Safe Mode, I get the following report:


      Avira AntiVir Personal
      Report file date: jeudi 30 octobre 2008 12:09

      Scanning for 1369550 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Save mode
      Username: Administrateur
      Computer name: BDAB4489AEFF4B6

      Version information:
      BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
      AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
      LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
      LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
      ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15
      ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:53
      ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:47
      Engineversion : 8.1.1.19
      AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
      AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 14:13:47
      AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 13:44:49
      AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 13:37:48
      AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 13:58:35
      AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 07:35:21
      AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 14:13:47
      AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 13:44:48
      AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 15:38:47
      AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 09:33:21
      AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 09:33:21
      AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 13:44:48
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
      AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
      AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20
      AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: jeudi 30 octobre 2008 12:09

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
      Scan process 'avconfig.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      14 processes with 14 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '61' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir
      [0] Archive type: ZIP
      --> Setup.exe
      [DETECTION] Is the TR/Dldr.VB.dck Trojan
      [NOTE] The file was deleted!
      C:\Qoobox\Quarantine\C\WINDOWS\system32\osxmlcie.dll.vir
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
      [NOTE] The file was deleted!
      C:\Qoobox\Quarantine\C\WINDOWS\system32\pguxjilu.dll.vir
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
      [NOTE] The file was deleted!
      C:\Qoobox\Quarantine\C\WINDOWS\system32\tfrrfg.dll.vir
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
      [NOTE] The file was deleted!
      C:\Qoobox\Quarantine\C\WINDOWS\system32\yffyca.dll.vir
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
      [NOTE] The file was deleted!


      End of the scan: jeudi 30 octobre 2008 13:29
      Used time: 1:20:08 Hour(s)

      The scan has been done completely.

      5123 Scanning directories
      242773 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      5 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      242767 Files not concerned
      7540 Archives were scanned
      1 Warnings
      5 Notes
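The settings g!rly listed and the report Darkstayer posted can be cross-checked mechanically rather than by eye. The report's own "Configuration settings" block records "Search for rootkits: off", "Scan all files: Intelligent file selection" and "File heuristic: medium", and all five detections are files already parked under C:\Qoobox\Quarantine (the quarantine directory ComboFix creates), so nothing live was found. The Python script below is an added example, not code from the thread or from Avira: it parses an excerpt of the first report above, extracts the scan settings and the [DETECTION] records, and flags settings that differ from what was asked for. The table of required settings and the quarantine prefix are this example's assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Callable, Optional

# Excerpt of the first Avira AntiVir report posted above (settings block and
# file-scan section only; the version table is omitted).
SAMPLE_REPORT = """\
Configuration settings for the scan:
Jobname..........................: Complete system scan
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Macro heuristic..................: on
File heuristic...................: medium

Starting the file scan:

Begin scan in 'C:\\'
C:\\pagefile.sys
[WARNING] The file could not be opened!
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\Fonts\\a.zip.vir
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Dldr.VB.dck Trojan
[NOTE] The file was deleted!
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\osxmlcie.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\pguxjilu.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!

End of the scan: jeudi 30 octobre 2008 13:29
"""

# What the helper asked for, keyed by the report's own setting names.
# Which settings to require (and that "anything but intelligent file
# selection" counts as a full scan) is this example's assumption.
REQUIRED_SETTINGS: dict[str, Callable[[str], bool]] = {
    "Search for rootkits": lambda v: v == "on",
    "Scan all files": lambda v: v != "intelligent file selection",
    "Scan archives": lambda v: v == "on",
    "File heuristic": lambda v: v == "high",
}

SETTING_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\.{2,}: (?P<value>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a scanned object, e.g. C:\WINDOWS\...
DETECT_RE = re.compile(r"^\[DETECTION\] Is the (?P<name>\S+)")
ACTION_RE = re.compile(r"^\[NOTE\] The file was (?P<action>\w+)!")


@dataclass
class Detection:
    path: str                      # file on disk (an archive, if member is set)
    name: str                      # Avira signature name, e.g. TR/Crypt.FKM.Gen
    member: Optional[str] = None   # archive member the hit was inside, if any
    action: Optional[str] = None   # what the scanner did: deleted, moved, ...


@dataclass
class Report:
    settings: dict[str, str] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Pull scan settings and [DETECTION] records out of an AntiVir 8 report."""
    report = Report()
    current_path: Optional[str] = None
    current_member: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SETTING_RE.match(line)):
            report.settings[m["key"].strip()] = m["value"].strip()
        elif PATH_RE.match(line):
            current_path, current_member = line, None
        elif line.startswith("--> "):               # member inside the current archive
            current_member = line[4:]
        elif (m := DETECT_RE.match(line)) and current_path:
            report.detections.append(Detection(current_path, m["name"], current_member))
        elif (m := ACTION_RE.match(line)) and report.detections:
            report.detections[-1].action = m["action"]
    return report


def settings_mismatches(report: Report) -> dict[str, str]:
    """Return {setting: actual value} for each required setting the scan did not honour."""
    return {
        key: report.settings.get(key, "<absent>")
        for key, ok in REQUIRED_SETTINGS.items()
        if not ok(report.settings.get(key, "<absent>").lower())
    }


def already_quarantined(report: Report,
                        prefix: str = "C:\\Qoobox\\Quarantine\\") -> list[Detection]:
    """Detections whose file already sits in another tool's quarantine folder
    (C:\\Qoobox is where ComboFix keeps its quarantine)."""
    return [d for d in report.detections if d.path.lower().startswith(prefix.lower())]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for key, actual in settings_mismatches(rep).items():
        print(f"setting not as requested: {key} = {actual}")
    for d in rep.detections:
        where = f"{d.path} -> {d.member}" if d.member else d.path
        print(f"{d.name}: {where} ({d.action})")
    live = len(rep.detections) - len(already_quarantined(rep))
    print(f"{live} detection(s) outside existing quarantine folders")
```

On the excerpt above the script reports three settings that were not as requested (rootkit search, scan-all-files, file heuristic) and three detections, all of them inside the ComboFix quarantine. The functions return plain data, so the same parser can be pointed at any other AntiVir 8 report with this layout, such as the second one later in the thread.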
  3. Jef
     
    Apparently it's a virus that renews itself automatically by changing its name each time (hence the ".gen" extension). Spotting it is fairly easy (thanks to the scans): it always starts with WIN32 and ends with .gen. That said, you just need to go into Windows Defender and run a scan; it will find the infected files, then after quarantining them (if available) you just need to delete them.

    After that: - Run Windows Defender again (to check that it has removed it completely)

    - and run a full scan of your system with your antivirus at the same time.

    Normally everything should be OK

    Hoping I've been able to help
  4. Darstalyer
     
    Thanks! I'll try your procedure & post what Windows Defender shows me
  6. totobetourne (Member)
     
    Let me tell you about a thread.

    Someone with doubts opens a thread: she has the Comodo firewall (Avast antivirus).

    She downloads something and it's the firewall that alerts her to a certain type of trojan, and she avoids the infection.
    So if she had had the Windows firewall we would have had to spend some time on her case.

    The moral is that you need a real firewall. Only do this when girly tells you to, because I think she has something else for you to do. It's better to install a firewall on a completely clean PC.
    Look on this link (updated fairly often) for the one that interests you; ask me for the tutorials for those in English.

    http://www.matousec.com/index.html
    1. Darkstayer (Member)
       
      OK! I think my case will soon be sorted. Regarding the firewall tutorial, my English is so-so. Do you have this tutorial in French?
  7. g!rly (Contributor)
     
    Hi dark and toto :)

    dark

    Post one last HijackThis report please

    Then here is Comodo in French:

    tutorial: https://www.malekal.com/tutorial-comodo-firewall/

    @+
    1. Darkstayer (Member)
       
      Here is my latest HijackThis report:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:03:14, on 30/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20900)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\Windows\System32\VisualTaskTips.exe
      C:\Program Files\styler\Styler.exe
      C:\WINDOWS\system32\ICO.EXE
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\iTunes\iTunes.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\VideoLAN\VLC\vlc.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O1 - Hosts: ::1 localhost
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
      O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
      O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
      O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
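A HijackThis log is only a listing; deciding which lines matter is the reviewer's job. The Python script below is an added example (not part of the thread and not HijackThis code) that parses a constructed excerpt of the log posted above into its R/O entries and applies three checks a reviewer would otherwise make by hand: browser start and search pages whose host is not on an allowlist (the HKCU start page above points at www1.mini20.com with "Secure Web Search Engine" keywords), O4 autostart entries that give only a bare file name so their on-disk location cannot be verified, and O23 services that are file-missing or carry no publisher. The allowlist of trusted hosts is this example's assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed excerpt: a dozen lines copied from the HijackThis log posted
# above, chosen to exercise each check below.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&searchbox=0
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O1 - Hosts: ::1 localhost
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [Vistadrv] C:\\WINDOWS\\system32\\Vistadrive\\vsdrv.exe
O4 - HKLM\\..\\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\\..\\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\\WINDOWS\\system32\\cisvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\\Program Files\\Windows Live\\installer\\WLSetupSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"^(?P<key>.+?) = (?P<url>\S+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Hosts a reviewer is prepared to accept as IE start/search pages. This
# allowlist is the example's assumption; HijackThis itself has no such list.
TRUSTED_HOSTS = {"www.google.fr", "www.bing.com", "www.msn.com", "go.microsoft.com"}


@dataclass
class Finding:
    code: str      # HijackThis section code: R0, O4, O23, ...
    reason: str
    line: str      # the log line that triggered it


def _tokens(cmd: str) -> list[str]:
    """Split a Run command into tokens; a double-quoted path is one token.
    Backslashes are path separators here, not escapes, so shlex is avoided."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def command_image(cmd: str) -> str:
    """The file that actually executes for a Run value. For rundll32 the
    interesting image is the DLL argument (rundll32 <dll>,<entry>)."""
    toks = _tokens(cmd)
    image = toks[0]
    if image.lower() == "rundll32.exe" and len(toks) > 1:
        image = toks[1].split(",")[0]
    return image


def review_log(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("R0", "R1") and (u := URL_RE.match(body)):
            host = urlsplit(u["url"]).hostname or ""
            if host not in TRUSTED_HOSTS:
                findings.append(Finding(code, f"browser page set to untrusted host {host}", raw))
        elif code == "O4" and (r := RUN_RE.match(body)):
            image = command_image(r["cmd"])
            if "\\" not in image:   # no directory: resolved via PATH, location unverified
                findings.append(Finding(code, f"autostart '{r['name']}' runs bare name {image}", raw))
        elif code == "O23" and body.startswith("Service: "):
            # "Service: <display name> - <owner> - <path>"; split from the right
            # because display names (e.g. Avira's) can themselves contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                if path.endswith("(file missing)"):
                    findings.append(Finding(code, f"service '{name}' points at a missing binary", raw))
                elif owner == "Unknown owner":
                    findings.append(Finding(code, f"service '{name}' has no publisher information", raw))
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

On the excerpt this yields five findings: the mini20.com start page, the two bare-name autostarts (CHDAudPropShortcut.exe and ICO.EXE), the Indexing Service whose binary is missing, and WLSetupSvc with no publisher. A finding is a prompt to look at the file on disk, not a verdict; the nVidia rundll32 entry, for instance, is left alone because the DLL it loads has a full path.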
  8. g!rly (Contributor)
     
    OK,

    Using HijackThis, tick and fix:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    How to fix:

    Usage tutorial (video): (Thanks to Balltrap34 for making it)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    You haven't installed Comodo?

    Important:

    Look at this tutorial to update your Java console:

    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    PS: don't get mixed up; on the same page there is also the Flash tutorial...

    Then run this:

    CCleaner:

    -> Download CCleaner (don't install the Yahoo toolbar):

    http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

    -> Install it.

    -> Once installed and launched:

    In the left-hand column, click on:

    -> "Registry":

    Tick all the boxes under "Registry Integrity", then click "Scan for Issues" at the bottom. Once finished, click "Fix selected issues"; you'll get a message asking to back up your registry, click "Yes", then start again until it finds nothing more.

    PS: the backups you will have made can be deleted later if all is well.

    -> "Cleaner"

    Quit your browser before launching it. In the cleaner's properties, on the "Windows" and "Applications" tabs, untick the last box (Advanced, if it is ticked), then click "Run Cleaner". When it has finished the scan, click "Run Cleaner" at the bottom right and accept with Yes.

    -> Tutorial in pictures:

    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    -> For those who want to go further with jesses (advanced functions):

    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

    and

    jv16 power tools:

    http://assiste.com.free.fr/p/logitheque/jv16.html

    (last free version...)

    I don't have a tutorial, so here are my explanations:

    Click on

    "registry tools"

    Then on "tools" (at the top)

    In the tree

    On "registry cleaner"

    In the next window click "continue" and in the following one "start"

    Once the search is finished you will end up with a pile of keys marked with a red or green dot...

    We'll only clean the green ones (safe)

    To do that, click "select" > "special select" > and click "items that should be safe to remove"; it will then select the green keys

    Then click "remove" at the bottom left to clean...

    -.-.-.-

    Why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, which cannot be done with Firefox

    http://www.mozilla-europe.org/fr/

    plugins: Adblock Plus, NoScript etc...

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

    Bonus:

    SpywareBlaster:

    http://www.brightfort.com/spywareblaster.html

    It's a resident; you just have to update it from time to time, because the free version doesn't do it on its own. Once installed and updated, set all the protections to "enable".

    tutorial: https://www.malekal.com/tutorial-spywareblaster/

    There you go

    @+
  9. Darkstayer (Member)
     
    Thanks for the tutorials & the helping hand!

    I'll do all that tomorrow!

    I'll then let you know where all this stands! @+
  10. g!rly (Contributor)
     
    OK...
    1. Darkstayer (Member)
       
      Thanks! spywarecleaner! CCleaner: we've done good work!!!

      In any case, it let me purge the super malware! I admit I didn't even suspect that they could come from registry keys.

      If you have other instructions to give, I'll be ready to carry them out!

      Thanks for your precious help!!

      In any case, commentçamarche is a real well of tips.

      & in particular, the members who bring what's needed!!

      I hope this topic can be marked "Solved" ^^

      Thanks to you

      @@++,
  11. g!rly (Contributor)
     
    Hi Dark...,

    If you have no more problems we can wrap up here...

    Tell me...

    @+
    1. Darkstayer (Member)
       
      With the Avira Antivir scan I have the following threats:

      TR/Dldr.VB.hzp.1 trojan

      c:\Windows\i386\cALC.EX_



      Warnings: 19 threats

      Is that normal in this case!

      I ran the same procedures again! It deletes the harmful registry keys & the malware again

      If you tell me all this is normal, I can consider the matter closed.
      1. Darkstayer (Member) > Darkstayer (Member)
         
        Here is the Antivir report

        Avira AntiVir Personal
        Report file date: samedi 1 novembre 2008 19:17

        Scanning for 1001710 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Boot mode: Normally booted
        Username: SYSTEM
        Computer name: BDAB4489AEFF4B6

        Version information:
        BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
        AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
        AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
        LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
        LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
        ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:23:16
        ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 18:01:16
        ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 18:01:16
        ANTIVIR3.VDF : 7.1.0.26 14848 Bytes 31/10/2008 18:01:17
        Engineversion : 8.2.0.10
        AEVDF.DLL : 8.1.0.6 102772 Bytes 30/10/2008 13:24:37
        AESCRIPT.DLL : 8.1.1.9 319867 Bytes 30/10/2008 13:24:33
        AESCN.DLL : 8.1.1.3 123252 Bytes 30/10/2008 13:24:27
        AERDL.DLL : 8.1.1.2 438644 Bytes 30/10/2008 13:24:24
        AEPACK.DLL : 8.1.2.4 369014 Bytes 30/10/2008 13:24:15
        AEOFFICE.DLL : 8.1.0.29 196988 Bytes 30/10/2008 13:24:05
        AEHEUR.DLL : 8.1.0.63 1479032 Bytes 30/10/2008 13:24:02
        AEHELP.DLL : 8.1.1.2 115062 Bytes 30/10/2008 13:23:37
        AEGEN.DLL : 8.1.0.42 319861 Bytes 30/10/2008 13:23:35
        AEEMU.DLL : 8.1.0.9 393588 Bytes 30/10/2008 13:23:31
        AECORE.DLL : 8.1.2.9 172407 Bytes 30/10/2008 13:23:27
        AEBB.DLL : 8.1.0.3 53618 Bytes 30/10/2008 13:23:21
        AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
        AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
        AVREP.DLL : 8.0.0.2 98344 Bytes 30/10/2008 13:23:20
        AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
        AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
        AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
        SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
        NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
        RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
        RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: on
        Scan boot sector.................: on
        Boot sectors.....................: C:,
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: samedi 1 novembre 2008 19:17

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned
        Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'firefox.exe' - '1' Module(s) have been scanned
        Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
        Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
        Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
        Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
        Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
        Scan process 'Skype.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'jusched.exe' - '1' Module(s) have been scanned
        Scan process 'avgnt.exe' - '1' Module(s) have been scanned
        Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
        Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
        Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
        Scan process 'ICO.EXE' - '1' Module(s) have been scanned
        Scan process 'Styler.exe' - '1' Module(s) have been scanned
        Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
        Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
        Scan process 'topdesk.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        48 processes with 48 modules were scanned

        Starting master boot sector scan:
        Master boot sector HD0
        [INFO] No virus was found!

        Start scanning boot sectors:
        Boot sector 'C:\'
        [INFO] No virus was found!

        Starting to scan the registry.
        The registry was scanned ( '64' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        C:\Qoobox\Quarantine\C\WINDOWS\system32\bbnwomou.exe.vir
        [DETECTION] Is the TR/QLowZones.S Trojan
        [NOTE] The file was deleted!
        C:\Qoobox\Quarantine\C\WINDOWS\system32\EV02\EV022328.exe.vir
        [DETECTION] Is the TR/Dldr.VB.hzp.1 Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP108\A0021346.exe
        [DETECTION] Is the TR/Agent.tzh Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP108\A0021349.exe
        [DETECTION] Is the TR/Monder.stx Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP112\A0022347.exe
        [DETECTION] Is the TR/Dldr.VB.hzp.1 Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP12\A0001226.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \WinNT5\x64\data1.cab
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP12\A0001227.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \Using Your Mouse-SC.pdf
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025922.exe
        [DETECTION] Is the TR/QLowZones.S Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025923.dll
        [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025924.dll
        [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025925.dll
        [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025926.dll
        [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
        [NOTE] The file was moved to '493ca562.qua'!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP126\A0026133.exe
        [DETECTION] Is the TR/Dldr.VB.hzp.1 Trojan
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP5\A0001161.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \Disk1\data1.hdr
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP6\A0001171.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \Disk1\data1.hdr
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP7\A0001176.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \Disk1\data1.hdr
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP7\A0001177.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \At8VEN5m.inf
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP8\A0001178.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \Disk1\data1.hdr
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP8\A0001179.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \At8VEN5m.inf
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP9\A0001187.exe
        [0] Archive type: CAB SFX (self extracting)
        --> \Disk1\data1.hdr
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        [WARNING] No further files can be extracted from this archive. The archive will be closed
        C:\WINDOWS\i386\CALC.EX_
        [0] Archive type: CAB (Microsoft)
        --> calc.exe
        [DETECTION] Is the TR/Vaklik.cnd Trojan
        [NOTE] The file was deleted!
        C:\WINDOWS\system32\calc.exe
        [DETECTION] Is the TR/Vaklik.cnd Trojan
        [NOTE] The file was deleted!


        End of the scan: samedi 1 novembre 2008 20:12
        Used time: 55:02 Minute(s)

        The scan has been done completely.

        5325 Scanning directories
        275509 Files were scanned
        13 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        12 files were deleted
        0 files were repaired
        1 files were moved to quarantine
        0 files were renamed
        10 Files cannot be scanned
        275486 Files not concerned
        7684 Archives were scanned
        19 Warnings
        13 Notes
        0
  12. Darkstayer, 334 posts, Member
     
    If, in the present case, it is just a matter of redoing the same steps,

    I can consider the problem solved!!

    Thanks to you, G!rly!!!!
    0
  13. totobetourne, 5677 posts, Member
     
    show me the report from the Reports tab in Malwarebytes so I can see what it removed. You have to post the reports; without them we can't tell whether it was really removed.

    then do this to check whether there is anything else.
    download this: a tool to see what the infection might be and then act on it.

    http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    install it normally like any other program in c/programme/...............
    click "do a scan and save a logfile"; you get a report, which you paste here.
    sometimes there is an alert saying that without administrator rights the report cannot be complete.
    in that case relaunch HijackThis by right-clicking the shortcut and choosing "run as administrator".
    -1
    1. Darkstayer, 334 posts, Member
       
      Here is what the HijackThis report gives:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:04, on 2008-10-23
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20900)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\Windows\System32\VisualTaskTips.exe
      C:\Program Files\styler\Styler.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\system32\ICO.EXE
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\PROGRA~1\FOXITR~1\FOXITR~1.EXE
      C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\FrostWire\FrostWire.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.fr/?gws_rd=ssl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O1 - Hosts: ::1 localhost
      O2 - BHO: {9ccdb9ed-2d2e-57f8-da14-c7f22d8e3f31} - {13f3e8d2-2f7c-41ad-8f75-e2d2de9bdcc9} - C:\WINDOWS\system32\tfrrfg.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
      O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
      O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
      O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: khfGyaxv - khfGyaxv.dll (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      -1
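The report above is the one the next reply reads as evidence of a remaining infection: an O2 BHO whose display name is only a GUID, loading a DLL straight out of system32; an O20 Winlogon Notify entry whose DLL is already gone; and an R0 Internet Explorer start page pointing at a domain that is not a known default (the second report later in the thread adds an AppInit_DLLs value naming the same DLL). As an added example, not code from this thread or from HijackThis, here is a small Python triage that parses the R/O lines of such a log and flags those four patterns. The sample lines are copied from the logs posted in this thread; the set of expected browser hosts is an assumption made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a few R/O entries copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
O2 - BHO: {9ccdb9ed-2d2e-57f8-da14-c7f22d8e3f31} - {13f3e8d2-2f7c-41ad-8f75-e2d2de9bdcc9} - C:\WINDOWS\system32\tfrrfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: khfGyaxv - khfGyaxv.dll (file missing)
O20 - AppInit_DLLs: tfrrfg.dll
"""

# Hosts accepted as a normal home/search page on this machine (assumption for the example).
EXPECTED_HOSTS = {"www.google.fr", "www.msn.com", "www.bing.com"}

GUID_RE = re.compile(r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")


def check_entry(code, body):
    """Return a short reason if this entry deserves a closer look, else None."""
    if code in ("R0", "R1") and " = " in body:
        key, _, value = body.partition(" = ")
        if value.startswith("http"):
            host = urlparse(value).hostname or ""
            if host not in EXPECTED_HOSTS:
                return f"browser setting '{key.split(',')[-1]}' points at unexpected host {host}"
    elif code == "O2" and body.startswith("BHO: "):
        # "BHO: <name> - <CLSID> - <path>"; a BHO whose display name is itself a GUID carries no product identity.
        parts = body[len("BHO: "):].split(" - ")
        if len(parts) == 3 and GUID_RE.match(parts[0]):
            return f"BHO with GUID-only name loading {parts[2]}"
    elif code == "O20":
        if body.startswith("AppInit_DLLs:"):
            # On XP every process that loads user32.dll also loads the DLLs listed here.
            dll = body.split(":", 1)[1].strip()
            if dll:
                return f"AppInit_DLLs injects {dll} into every GUI process"
        if body.startswith("Winlogon Notify:") and "(file missing)" in body:
            return "Winlogon Notify entry for a DLL that no longer exists (orphaned persistence)"
    return None


def triage(log_text):
    """Parse the R/O lines of a HijackThis log; return (code, reason, line) for flagged entries."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        reason = check_entry(m["code"], m["body"])
        if reason:
            findings.append((m["code"], reason, line.strip()))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

A flagged entry is a candidate for a closer look (vendor, digital signature, whether the file exists on disk), not proof of malware by itself: a non-default start page or a GUID-named BHO can be legitimate, while a populated AppInit_DLLs value on a home XP machine almost always needs an explanation.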
  14. g!rly, 18462 posts, Contributor
     
    Hi,

    let me butt in...

    darkstayer,

    you are still infected

    run this:

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

    NOTE: The report is also located here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ For the duration of this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to complete the disinfection/scan; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.

    -> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    + a new HijackThis report please

    @+
    -1
    1. Darkstayer, 334 posts, Member
       
      Thanks! I'll try your method! I'll be back this afternoon! I'll post the HijackThis report to see where we stand!
      -1
  15. g!rly, 18462 posts, Contributor
     
    hi,
    you need to post the ComboFix report as well
    @+
    -1
    1. Darkstayer, 334 posts, Member
       
      Regarding the HijackThis report, I got the following; is the infection still present??

      Here is the HijackThis report:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:22:24, on 23/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20900)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\Windows\System32\VisualTaskTips.exe
      C:\Program Files\styler\Styler.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\system32\ICO.EXE
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O1 - Hosts: ::1 localhost
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
      O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
      O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
      O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: tfrrfg.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      -1
  16. Darkstayer Posts 334 Registration date   Status Member Last activity   30
     
    ComboFix was effective, here is the (long) report obtained:

    ComboFix 08-10-19.04 - Administrateur 2008-10-23 13:13:43.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.608 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\system32\bbnwomou.exe
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\osxmlcie.dll
    C:\WINDOWS\system32\pguxjilu.dll
    C:\WINDOWS\system32\tfrrfg.dll
    C:\WINDOWS\system32\yffyca.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 18:03 . 2008-10-23 11:46 734,641,774 --a------ C:\ALIENS VS PREDATOR REQUIEM 2008 FRENCH.avi
    2008-10-22 15:42 . 2008-10-22 20:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-22 15:42 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:42 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-22 14:12 . 2008-10-22 14:12 <REP> d-------- C:\VundoFix Backups
    2008-10-22 14:10 . 2008-10-22 14:10 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 16:15 . 2008-10-21 21:48 735,684,608 --a------ C:\Le.Silence.des.Agneaux.[divx.francais.franais.french.dvd.rip.SBC](par.Origan.et.MaxoOo).teste.divxovore.com.avi
    2008-10-21 15:12 . 2008-10-21 15:12 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-10-21 15:05 . 2008-10-22 16:16 <REP> d-------- C:\WINDOWS\system32\xp2
    2008-10-21 15:05 . 2008-10-22 16:16 <REP> d-------- C:\WINDOWS\system32\vm
    2008-10-21 15:05 . 2008-10-21 15:05 <REP> d-------- C:\WINDOWS\system32\mci
    2008-10-21 15:05 . 2008-10-21 15:05 <REP> d-------- C:\WINDOWS\system32\EV02
    2008-10-21 15:05 . 2008-10-21 15:05 <REP> d-------- C:\Temp\xp34
    2008-10-21 15:05 . 2008-10-23 13:13 <REP> d-------- C:\Temp
    2008-10-21 15:05 . 2008-10-21 15:05 64,859 --a------ C:\WINDOWS\system32\ftfnqacjghpar.exe
    2008-10-21 15:05 . 2008-10-21 15:05 355 --a------ C:\205.bat
    2008-10-21 14:46 . 2008-10-21 14:46 <REP> d-------- C:\Program Files\Easy Video Converter
    2008-10-20 23:10 . 2008-10-20 23:10 143,176,980 --a------ C:\flaskOut.avi
    2008-10-20 23:07 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\FlasKMPEG
    2008-10-17 00:03 . 2008-10-17 00:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
    2008-10-17 00:03 . 2008-10-17 00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Skype
    2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-10-17 00:02 . 2008-10-23 13:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
    2008-10-16 11:29 . 2008-08-14 15:44 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 11:29 . 2008-08-14 15:44 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 11:29 . 2008-08-14 15:44 2,059,776 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 11:29 . 2008-08-14 15:44 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 11:29 . 2008-09-15 17:14 1,847,040 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 11:29 . 2008-08-28 12:35 333,056 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 13:38 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\VirtualDubMOD
    2008-10-15 00:18 . 2008-10-23 10:23 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-14 16:05 . 2008-10-14 16:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-10-13 19:17 . 2008-10-20 22:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
    2008-10-11 02:28 . 2008-10-11 02:28 <REP> d-------- C:\WINDOWS\Sun
    2008-10-11 01:36 . 2008-10-11 01:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2008-10-11 01:33 . 2008-10-11 01:33 <REP> d-------- C:\Program Files\VideoLAN
    2008-10-10 18:45 . 2008-10-10 18:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
    2008-10-10 18:14 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-10-10 18:14 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-10-10 18:14 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-10-10 18:12 . 2008-10-10 18:13 <REP> d-------- C:\d3f79257e726d35b1b1637c6
    2008-10-10 18:12 . 2007-12-18 04:04 2,450,944 --a------ C:\WINDOWS\system32\OLD1C.tmp
    2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iTunes
    2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iPod
    2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-05 15:49 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-05 15:49 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-10-05 14:22 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-10-05 14:08 . 2008-10-05 14:08 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-10-05 14:05 . 2008-10-05 14:10 <REP> d-------- C:\WINDOWS\EHome
    2008-10-05 14:05 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u00001_.tmp
    2008-10-05 13:59 . 2008-10-05 13:59 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-10-05 13:59 . 2008-10-05 13:59 <REP> d-------- C:\Program Files\Free
    2008-10-05 01:02 . 2008-10-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
    2008-10-05 00:16 . 2008-10-05 00:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-10-05 00:01 . 2008-10-22 19:58 <REP> d-------- C:\Program Files\eMule
    2008-10-04 14:13 . 2008-10-04 14:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Bonjour
    2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Java
    2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-10-04 13:45 . 2008-10-23 12:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FrostWire
    2008-10-04 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-04 13:43 . 2008-10-21 15:14 <REP> d-------- C:\Program Files\FrostWire
    2008-10-04 13:37 . 2008-10-20 12:42 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
    2008-10-03 22:14 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-10-03 22:12 . 2004-08-04 02:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
    2008-10-03 22:12 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
    2008-10-03 22:12 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
    2008-10-03 22:12 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
    2008-10-03 22:12 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
    2008-10-03 22:11 . 2008-10-10 18:14 1,118,814 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-03 22:11 . 2008-10-03 20:42 4,512 --a------ C:\WINDOWS\imsins.BAK
    2008-10-03 22:11 . 2008-10-03 20:20 4,205 --a------ C:\WINDOWS\ODBCINST.INI
    2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
    2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-10-03 22:10 . 2008-10-03 20:17 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
    2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
    2008-10-03 22:10 . 2006-10-30 01:40 <REP> d-------- C:\Documents and Settings\Default User\Menu Démarrer
    2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\Default User\Favoris
    2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Bureau
    2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
    2008-10-03 22:10 . 2008-10-22 14:35 <REP> d-------- C:\Documents and Settings\All Users\Menu Démarrer
    2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\All Users\Favoris
    2008-10-03 22:10 . 2008-10-05 15:41 <REP> dr------- C:\Documents and Settings\All Users\Documents
    2008-10-03 22:10 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Bureau
    2008-10-03 22:09 . 2008-10-23 12:46 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2008-10-03 22:09 . 2008-10-23 10:23 <REP> d-------- C:\WINDOWS\system32\CatRoot
    2008-10-03 22:09 . 2008-10-03 20:41 <REP> d-------- C:\Documents and Settings\Default User
    2008-10-03 22:09 . 2006-11-18 13:48 <REP> d-------- C:\Documents and Settings\All Users
    2008-10-03 22:09 . 2008-10-03 20:54 <REP> d-------- C:\Documents and Settings
    2008-10-03 22:08 . 2008-10-03 20:42 1,748 --a------ C:\WINDOWS\system32\$winnt$.inf

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-04 23:03 --------- d-----w C:\Program Files\Ad-Aware
    2008-10-04 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-10-04 12:12 --------- d-----w C:\Program Files\QT Lite
    2008-10-03 19:54 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2008-10-03 19:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
    2008-10-03 19:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
    2008-10-03 19:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
    2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2008-10-03 19:53 --------- d-----w C:\Program Files\Intel
    2008-10-03 19:53 --------- d-----w C:\Program Files\Fichiers communs\Intel
    2008-10-03 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
    2008-10-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-03 19:52 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-10-03 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-03 19:47 --------- d-----w C:\Program Files\Synaptics
    2008-10-03 19:47 --------- d-----w C:\Program Files\Microsoft Works
    2008-10-03 19:47 --------- d-----w C:\Program Files\HP Wireless Laser Mini Mouse
    2008-10-03 19:46 --------- d-----w C:\Program Files\MSBuild
    2008-10-03 19:45 --------- d-----w C:\Program Files\Microsoft.NET
    2008-10-03 19:44 --------- d-----w C:\Program Files\SuperCopier2
    2008-10-03 19:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-10-03 19:42 --------- d-----w C:\Program Files\HP DVB-T TV Tuner
    2008-10-03 19:39 --------- d-----w C:\Program Files\HP Optical USB Mobile Mouse
    2008-10-03 19:36 --------- d-----w C:\Program Files\Broadcom
    2008-10-03 19:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-10-03 19:35 --------- d-----w C:\Program Files\NetWaiting
    2008-10-03 19:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-10-03 19:35 --------- d-----w C:\Program Files\CONEXANT
    2008-10-03 19:34 --------- d-----w C:\Program Files\HP 1.3MP Webcam
    2008-10-03 19:34 --------- d-----w C:\Program Files\DIFX
    2008-10-03 19:32 --------- d-----w C:\Program Files\HP Analog TV Tuner
    2008-10-03 19:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
    2008-10-03 19:29 --------- d-----w C:\Program Files\ma-config.com
    2008-10-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-10-03 19:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-10-03 19:25 --------- d-----w C:\Program Files\HP
    2008-10-03 19:03 --------- d-----w C:\Program Files\Styler
    2008-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-10-03 19:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
    2008-10-03 19:00 --------- d-----w C:\Program Files\Reference Assemblies
    2008-10-03 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
    2008-10-03 18:40 --------- d-----w C:\Program Files\Real Alternative
    2008-10-03 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-03 18:38 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2008-10-03 18:37 --------- d-----w C:\Program Files\ACD Systems
    2008-10-03 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-10-03 18:36 --------- d-----w C:\Program Files\Nero
    2008-10-03 18:36 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-10-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 6.0
    2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 4.0
    2008-10-03 18:23 --------- d-----r C:\Program Files\Windows Sidebar
    2008-10-03 18:17 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-03 16:22 6,068,224 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-15 15:14 1,847,040 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-25 08:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:43 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 09:48 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    .

    ------- Sigcheck -------

    2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
    2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8466432]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
    "TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2007-12-18 201216]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
    "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
    "QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
    "IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
    "IntelWireless"="C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "nwiz"="nwiz.exe" [2007-10-25 C:\WINDOWS\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 C:\WINDOWS\system32\ICO.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 138240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
    "nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=tfrrfg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
    R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-07 61952]
    R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{13f3e8d2-2f7c-41ad-8f75-e2d2de9bdcc9} - C:\WINDOWS\system32\tfrrfg.dll
    Toolbar-SaveLinksOrder - (no file)
    Toolbar-Locked - (no file)
    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBar7Layout - (no file)
    Toolbar-ITBar7Position - (no file)
    HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
    ShellExecuteHooks-{4D0C96E7-CA73-4E24-96F6-271BD3E024C8} - C:\WINDOWS\system32\khfGyaxv.dll
    Notify-khfGyaxv - khfGyaxv.dll

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xfko38un.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 13:18:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RGIE.tmp

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    Heure de fin: 2008-10-23 13:19:49
    ComboFix-quarantined-files.txt 2008-10-23 11:19:42

    Avant-CF: 126,420,246,528 octets libres
    Après-CF: 126,434,832,384 octets libres

    310 --- E O F --- 2008-10-23 08:23:13
    -1
  17. Darkstayer Posts 334 Registration date   Status Member Last activity   30
     
    I'll be back at 18:00! Let me know your solutions! Thank you!!!
    -1
  18. g!rly Posts 18462 Status Contributor 407
     
    Here is the next step:

    Copy the text below:

    File::
    C:\WINDOWS\system32\vbzip10.dll
    C:\WINDOWS\system32\ftfnqacjghpar.exe
    C:\205.bat
    C:\WINDOWS\system32\OLD1C.tmp
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    Folder::
    C:\WINDOWS\system32\xp2
    C:\WINDOWS\system32\vm
    C:\WINDOWS\system32\mci
    C:\WINDOWS\system32\EV02
    C:\Temp\xp34
    C:\d3f79257e726d35b1b1637c6
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will relaunch Combofix.

    A blue window will appear: at the prompt ( Type 1 to continue, or 2 to abort), type 1 and confirm.

    Be patient while the scan runs. The desktop will disappear several times: that's normal!

    Don't touch anything until the scan is finished.

    After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.

    If there is no restart, post the reports anyway.

    @+
    -1
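An added check, not part of the thread and not a ComboFix feature: once the rerun is done, the two things worth confirming in the new Combofix.txt are that every File:: and Folder:: target shows up under "Autres suppressions" and that the AppInit_DLLs value is gone from "Points de chargement Reg". The Python below is my own example; the CFScript string and the two report excerpts are constructed to match the layout of the reports posted in this thread, with one path deliberately left out of the removals to show what a miss looks like. It assumes only the section banner layout seen in those reports.

```python
"""Check a ComboFix rerun against the CFScript that drove it (constructed example)."""
import re

# Constructed sample: the CFScript from the post above, as plain text
CFSCRIPT = r"""File::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\ftfnqacjghpar.exe
C:\205.bat

Folder::
C:\WINDOWS\system32\xp2
C:\Temp\xp34

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
"""

# Constructed excerpt in the layout of the first report: AppInit_DLLs still names the Vundo DLL
REPORT_BEFORE = r"""(((((((((((((((( Points de chargement Reg ))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tfrrfg.dll
.
"""

# Constructed excerpt in the layout of the report after the CFScript run;
# vbzip10.dll is deliberately missing from the removals to show the failure mode
REPORT_AFTER = r"""ComboFix 08-10-21.05 - Administrateur 2008-10-23 18:53:38.2 - NTFSx86

(((((((((((((((( Autres suppressions ))))))))))))))))
.

C:\205.bat
C:\Temp\xp34
C:\Temp\xp34\cPH.log
C:\WINDOWS\system32\ftfnqacjghpar.exe
C:\WINDOWS\system32\xp2

.
(((((((((((((((( Points de chargement Reg ))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
.
Heure de fin: 2008-10-23 18:59:01
"""

# ComboFix section banners: a title wrapped in runs of '(' ')' or '-'
SECTION_RE = re.compile(r"^[(\-]+\s*(.+?)\s*[)\-]+$")


def parse_cfscript(text):
    """Split a CFScript into its 'File', 'Folder' and 'Registry' sections."""
    sections, current = {"File": [], "Folder": [], "Registry": []}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_report(text):
    """Map each ComboFix section title to its non-empty lines ('.' separators dropped)."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def registry_value(report, key, name):
    """Value ComboFix lists for `name` under `key` in 'Points de chargement Reg', or None."""
    in_key = False
    for line in report.get("Points de chargement Reg", []):
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].casefold() == key.casefold()
        elif in_key and line.casefold().startswith(f'"{name}"='.casefold()):
            return line.split("=", 1)[1].strip()
    return None


def registry_targets(cfscript):
    """(key, value name) pairs the Registry:: section asks ComboFix to clear."""
    targets, key = set(), None
    for line in cfscript["Registry"]:
        if line.startswith("["):
            key = line[1:-1]
        elif key and line.startswith('"'):
            targets.add((key, line[1:].split('"', 1)[0]))
    return sorted(targets)


def verify(cfscript_text, report_text):
    """Compare CFScript targets with what the rerun report says was removed.

    A path absent from 'Autres suppressions' was not deleted in this run: it may
    already have been gone, or it may still be there and need a second look.
    """
    cf, rep = parse_cfscript(cfscript_text), parse_report(report_text)
    removed = {p.casefold() for p in rep.get("Autres suppressions", [])}
    targets = cf["File"] + cf["Folder"]
    return {
        "removed": [p for p in targets if p.casefold() in removed],
        "not_in_removals": [p for p in targets if p.casefold() not in removed],
        "registry_left": [(k, n) for k, n in registry_targets(cf)
                          if registry_value(rep, k, n) is not None],
    }


if __name__ == "__main__":
    hklm_windows = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"
    print("AppInit_DLLs before:", registry_value(parse_report(REPORT_BEFORE), hklm_windows, "AppInit_DLLs"))
    for label, items in verify(CFSCRIPT, REPORT_AFTER).items():
        print(f"{label}: {items}")
```

Run it as a plain script; in practice you would read the real CFScript.txt and Combofix.txt from disk instead of the constructed strings. Anything reported under not_in_removals was not deleted in this pass, so cross-check the "Fichiers créés" listing of the same report before deciding whether it is still on disk, and a non-empty registry_left means the AppInit_DLLs loader is still in place and the machine is not clean yet.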
    1. Darkstayer Posts 334 Registration date   Status Member Last activity   30
       
      I followed all your instructions exactly, but ComboFix starts straight away without even giving me a choice between 1 & 2 after dragging CFScript.txt onto ComboFix.
      Here is the report obtained:

      ComboFix 08-10-21.05 - Administrateur 2008-10-23 18:53:38.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.552 [GMT 2:00]
      Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
      Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Mes documents\CFScript.txt
      * Un nouveau point de restauration a été créé

      FILE ::
      C:\205.bat
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      C:\WINDOWS\system32\ftfnqacjghpar.exe
      C:\WINDOWS\system32\OLD1C.tmp
      C:\WINDOWS\system32\vbzip10.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\205.bat
      C:\d3f79257e726d35b1b1637c6
      C:\d3f79257e726d35b1b1637c6\update\update.exe
      C:\d3f79257e726d35b1b1637c6\update\updspapi.dll
      C:\d3f79257e726d35b1b1637c6\update\wpdinstallutil.dll
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
      C:\Temp\xp34
      C:\Temp\xp34\cPH.log
      C:\WINDOWS\system32\EV02
      C:\WINDOWS\system32\EV02\EV022328.exe
      C:\WINDOWS\system32\ftfnqacjghpar.exe
      C:\WINDOWS\system32\mci
      C:\WINDOWS\system32\OLD1C.tmp
      C:\WINDOWS\system32\vbzip10.dll
      C:\WINDOWS\system32\vm
      C:\WINDOWS\system32\xp2

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
      .

      2008-10-22 18:03 . 2008-10-23 11:46 734,641,774 --a------ C:\ALIENS VS PREDATOR REQUIEM 2008 FRENCH.avi
      2008-10-22 15:42 . 2008-10-22 20:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-10-22 15:42 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-10-22 15:42 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-10-22 14:12 . 2008-10-22 14:12 <REP> d-------- C:\VundoFix Backups
      2008-10-22 14:10 . 2008-10-22 14:10 <REP> d-------- C:\Program Files\Trend Micro
      2008-10-21 16:15 . 2008-10-21 21:48 735,684,608 --a------ C:\Le.Silence.des.Agneaux.[divx.francais.franais.french.dvd.rip.SBC](par.Origan.et.MaxoOo).teste.divxovore.com.avi
      2008-10-21 15:05 . 2008-10-23 18:53 <REP> d-------- C:\Temp
      2008-10-21 14:46 . 2008-10-21 14:46 <REP> d-------- C:\Program Files\Easy Video Converter
      2008-10-20 23:10 . 2008-10-20 23:10 143,176,980 --a------ C:\flaskOut.avi
      2008-10-20 23:07 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\FlasKMPEG
      2008-10-17 00:03 . 2008-10-17 00:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
      2008-10-17 00:03 . 2008-10-17 00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
      2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Skype
      2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
      2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
      2008-10-17 00:02 . 2008-10-23 13:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
      2008-10-16 11:29 . 2008-08-14 15:44 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      2008-10-16 11:29 . 2008-08-14 15:44 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      2008-10-16 11:29 . 2008-08-14 15:44 2,059,776 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      2008-10-16 11:29 . 2008-08-14 15:44 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      2008-10-16 11:29 . 2008-09-15 17:14 1,847,040 --------- C:\WINDOWS\system32\dllcache\win32k.sys
      2008-10-16 11:29 . 2008-08-28 12:35 333,056 --------- C:\WINDOWS\system32\dllcache\srv.sys
      2008-10-15 13:38 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\VirtualDubMOD
      2008-10-15 00:18 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
      2008-10-14 16:05 . 2008-10-14 16:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
      2008-10-13 19:17 . 2008-10-20 22:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
      2008-10-11 02:28 . 2008-10-11 02:28 <REP> d-------- C:\WINDOWS\Sun
      2008-10-11 01:36 . 2008-10-11 01:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
      2008-10-11 01:33 . 2008-10-11 01:33 <REP> d-------- C:\Program Files\VideoLAN
      2008-10-10 18:45 . 2008-10-10 18:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
      2008-10-10 18:14 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
      2008-10-10 18:14 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
      2008-10-10 18:14 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
      2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iTunes
      2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iPod
      2008-10-05 15:49 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
      2008-10-05 15:49 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
      2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\WINDOWS\system32\xircom
      2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\Program Files\microsoft frontpage
      2008-10-05 14:22 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
      2008-10-05 14:08 . 2008-10-05 14:08 <REP> d-------- C:\WINDOWS\ServicePackFiles
      2008-10-05 14:05 . 2008-10-05 14:10 <REP> d-------- C:\WINDOWS\EHome
      2008-10-05 14:05 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u00001_.tmp
      2008-10-05 13:59 . 2008-10-05 13:59 <REP> d--hs---- C:\WINDOWS\ftpcache
      2008-10-05 13:59 . 2008-10-05 13:59 <REP> d-------- C:\Program Files\Free
      2008-10-05 01:02 . 2008-10-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
      2008-10-05 00:16 . 2008-10-05 00:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
      2008-10-05 00:01 . 2008-10-22 19:58 <REP> d-------- C:\Program Files\eMule
      2008-10-04 14:13 . 2008-10-04 14:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
      2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple
      2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Bonjour
      2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Apple Software Update
      2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
      2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Java
      2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Java
      2008-10-04 13:45 . 2008-10-23 12:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FrostWire
      2008-10-04 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-10-04 13:43 . 2008-10-21 15:14 <REP> d-------- C:\Program Files\FrostWire
      2008-10-04 13:37 . 2008-10-20 12:42 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
      2008-10-03 22:14 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
      2008-10-03 22:12 . 2004-08-04 02:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
      2008-10-03 22:12 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
      2008-10-03 22:12 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
      2008-10-03 22:12 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
      2008-10-03 22:12 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
      2008-10-03 22:11 . 2008-10-10 18:14 1,118,814 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
      2008-10-03 22:11 . 2008-10-03 20:42 4,512 --a------ C:\WINDOWS\imsins.BAK
      2008-10-03 22:11 . 2008-10-03 20:20 4,205 --a------ C:\WINDOWS\ODBCINST.INI
      2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
      2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
      2008-10-03 22:10 . 2008-10-03 20:17 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
      2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
      2008-10-03 22:10 . 2006-10-30 01:40 <REP> d-------- C:\Documents and Settings\Default User\Menu Démarrer
      2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\Default User\Favoris
      2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Bureau
      2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
      2008-10-03 22:10 . 2008-10-22 14:35 <REP> d-------- C:\Documents and Settings\All Users\Menu Démarrer
      2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\All Users\Favoris
      2008-10-03 22:10 . 2008-10-05 15:41 <REP> dr------- C:\Documents and Settings\All Users\Documents
      2008-10-03 22:10 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Bureau
      2008-10-03 22:09 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot2
      2008-10-03 22:09 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot
      2008-10-03 22:09 . 2008-10-23 13:19 <REP> d-------- C:\Documents and Settings\Default User
      2008-10-03 22:09 . 2006-11-18 13:48 <REP> d-------- C:\Documents and Settings\All Users
      2008-10-03 22:09 . 2008-10-03 20:54 <REP> d-------- C:\Documents and Settings
      2008-10-03 22:08 . 2008-10-03 20:42 1,748 --a------ C:\WINDOWS\system32\$winnt$.inf

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-10-04 23:03 --------- d-----w C:\Program Files\Ad-Aware
      2008-10-04 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-10-04 12:12 --------- d-----w C:\Program Files\QT Lite
      2008-10-03 19:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
      2008-10-03 19:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
      2008-10-03 19:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
      2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
      2008-10-03 19:53 --------- d-----w C:\Program Files\Intel
      2008-10-03 19:53 --------- d-----w C:\Program Files\Fichiers communs\Intel
      2008-10-03 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
      2008-10-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-10-03 19:52 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-10-03 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-10-03 19:47 --------- d-----w C:\Program Files\Synaptics
      2008-10-03 19:47 --------- d-----w C:\Program Files\Microsoft Works
      2008-10-03 19:47 --------- d-----w C:\Program Files\HP Wireless Laser Mini Mouse
      2008-10-03 19:46 --------- d-----w C:\Program Files\MSBuild
      2008-10-03 19:45 --------- d-----w C:\Program Files\Microsoft.NET
      2008-10-03 19:44 --------- d-----w C:\Program Files\SuperCopier2
      2008-10-03 19:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
      2008-10-03 19:42 --------- d-----w C:\Program Files\HP DVB-T TV Tuner
      2008-10-03 19:39 --------- d-----w C:\Program Files\HP Optical USB Mobile Mouse
      2008-10-03 19:36 --------- d-----w C:\Program Files\Broadcom
      2008-10-03 19:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
      2008-10-03 19:35 --------- d-----w C:\Program Files\NetWaiting
      2008-10-03 19:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-10-03 19:35 --------- d-----w C:\Program Files\CONEXANT
      2008-10-03 19:34 --------- d-----w C:\Program Files\HP 1.3MP Webcam
      2008-10-03 19:34 --------- d-----w C:\Program Files\DIFX
      2008-10-03 19:32 --------- d-----w C:\Program Files\HP Analog TV Tuner
      2008-10-03 19:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
      2008-10-03 19:29 --------- d-----w C:\Program Files\ma-config.com
      2008-10-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
      2008-10-03 19:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
      2008-10-03 19:25 --------- d-----w C:\Program Files\HP
      2008-10-03 19:03 --------- d-----w C:\Program Files\Styler
      2008-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
      2008-10-03 19:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
      2008-10-03 19:00 --------- d-----w C:\Program Files\Reference Assemblies
      2008-10-03 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
      2008-10-03 18:40 --------- d-----w C:\Program Files\Real Alternative
      2008-10-03 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-10-03 18:38 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
      2008-10-03 18:37 --------- d-----w C:\Program Files\ACD Systems
      2008-10-03 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
      2008-10-03 18:36 --------- d-----w C:\Program Files\Nero
      2008-10-03 18:36 --------- d-----w C:\Program Files\Fichiers communs\Nero
      2008-10-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 6.0
      2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 4.0
      2008-10-03 18:23 --------- d-----r C:\Program Files\Windows Sidebar
      2008-10-03 18:17 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-10-03 16:22 6,068,224 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-09-15 15:14 1,847,040 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
      2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
      2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      2008-08-25 08:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-08-25 08:43 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
      2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      2008-08-14 09:48 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
      .

      ------- Sigcheck -------

      2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
      2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
      2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
      "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8466432]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
      "TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2007-12-18 201216]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
      "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
      "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
      "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
      "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
      "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
      "QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
      "IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
      "IntelWireless"="C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
      "QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-09-06 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
      "nwiz"="nwiz.exe" [2007-10-25 C:\WINDOWS\system32\nwiz.exe]
      "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
      "Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 C:\WINDOWS\system32\ICO.EXE]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 138240]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nltide_2"="shell32" [X]
      "TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
      "nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS\system32\advpack.dll]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoUserNameInStartMenu"= 1 (0x1)
      "NoSMHelp"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoUserNameInStartMenu"= 1 (0x1)
      "NoSMHelp"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.ACDV"= ACDV.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\FrostWire\\FrostWire.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
      R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
      R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
      R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-07 61952]
      R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
      S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

      *Newly Created Service* - CATCHME
      *Newly Created Service* - PROCEXP90
      .
      Contenu du dossier 'Tâches planifiées'

      2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
      - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      Toolbar-ITBarLayout - (no file)
      Toolbar-ITBarLayout - (no file)
      Toolbar-ITBar7Layout - (no file)
      Toolbar-ITBar7Position - (no file)



      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-23 18:58:33
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
      "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
      .
      Heure de fin: 2008-10-23 18:59:20
      ComboFix-quarantined-files.txt 2008-10-23 16:59:17
      ComboFix2.txt 2008-10-23 11:19:50

      Avant-CF: 126 339 731 456 octets libres
      Après-CF: 126,326,947,840 octets libres

      304 --- E O F --- 2008-10-23 08:23:13
  19. Darkstayer (Member, 334 posts)
     
    Quite a few pieces of malware have been eradicated, but my HijackThis report gives me this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19:07, on 23/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\topdesk.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\styler\Styler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: ::1 localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  20. g!rly (Contributor, 18462 posts)
     
    ok

    now do a full scan of your machine with Malwarebytes and post its report please

    See you
    1. Darkstayer (Member, 334 posts)
       
      OK, will do!!!
    2. Darkstayer (Member, 334 posts)
       
      Here is my Malwarebytes report, rather convincing, & should I delete the quarantined items? My report gives:

      Malwarebytes' Anti-Malware 1.29
      Version de la base de données: 1300
      Windows 5.1.2600 Service Pack 2

      23/10/2008 19:54:27
      mbam-log-2008-10-23 (19-54-27).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 86777
      Temps écoulé: 19 minute(s), 42 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
  21. g!rly (Contributor, 18462 posts)
     
    ok

    See you
    1. Darkstayer (Member, 334 posts)
       
      Thanks for your help!!!! Have a good evening!!!