VIRUS ALERT!

Résolu
fatherted Messages postés 34 Statut Membre -  
fatherted Messages postés 34 Statut Membre -
Bonjour,
J'ai quelques soucis avec mon pc puisque j'ai un message dans la barre d'outils:"ALERT VIRUS!" et j'ai aussi un logiciel dénommé AntiSpywareXP2009 qui s'est installé. De plus lorsque j'ouvre des pages internet, il y a une redirectio vers des sites de logiciels anti-virus. Je ne peux également plus accéder aux onglets "Tous les programmes", "Rechercher", "Poste de travail", etc.
J'ai donc télécharger le logiciel HiJackThis dont voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36: VIRUS ALERT!, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\vspc1300.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
I:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: bkqxdons - {EF331C30-03C4-4CC9-B520-E4C41DB9AFAE} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SPC1300] C:\WINDOWS\vspc1300.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
O4 - HKLM\..\Run: [c0789878] rundll32.exe "C:\WINDOWS\system32\bffvlgyt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: TrayMin1300.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: qnflkotm - {6C672E6A-F9F9-48D1-A093-C2D8C411F9F9} - \qnflkotm.dll (file missing)
O21 - SSODL: vwnskbot - {E7EAF101-F154-4516-AD51-3421CE11736C} - C:\WINDOWS\vwnskbot.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14469 bytes

Si quelqu'un pouvait m'aider je lui en serai très reconnaissant!Merci par avance.
Configuration: Windows XP
Internet Explorer 7.0

26 réponses

  • 1
  • 2
  1. piro25 Messages postés 227 Statut Membre 10
     
    il faut que tu installe malwarebytes anti malware
    tu fais les mise a jour puis le scan
    il va te "sauver la vie" ce logiciel
    2
    1. fatherted Messages postés 34 Statut Membre 1
       
      Bonsoir piro25,
      Merci du conseil, je suis en train de faire le scan avec malwarebytes!
      0
  2. Utilisateur anonyme
     
    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    # Relance le programme Smitfraud :
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
    1
  3. fatherted Messages postés 34 Statut Membre 1
     
    Alors voici le rapport:

    SmitFraudFix v2.367

    Rapport fait à 19:14:57,62, 27/10/2008
    Executé à partir de C:\Documents and Settings\clovis\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    \qnflkotm.dll deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\k.txt supprimé
    C:\WINDOWS\karna.dat supprimé
    C:\WINDOWS\system32\_scui.cpl supprimé
    C:\Documents and Settings\clovis\Application Data\Microsoft\Internet Explorer\Quick Launch\virusremover2008.lnk supprimé
    C:\Documents and Settings\clovis\Application Data\virusremover2008\ supprimé
    C:\DOCUME~1\clovis\MENUDM~1\Total Secure 2009.lnk supprimé
    C:\Program Files\TS-2009\ supprimé
    C:\Program Files\virusremover2008\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1160A5C-C633-4F34-BD74-B6018826CFFA}: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1160A5C-C633-4F34-BD74-B6018826CFFA}: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A1160A5C-C633-4F34-BD74-B6018826CFFA}: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1160A5C-C633-4F34-BD74-B6018826CFFA}: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.2.52.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.2.52.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    1
  4. Utilisateur anonyme
     
    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    1
    1. fatherted Messages postés 34 Statut Membre 1
       
      C'est enfin terminé, je te poste le rapport malwarebytes:

      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1134
      Windows 5.1.2600 Service Pack 3

      27/10/2008 21:59:10
      mbam-log-2008-10-27 (21-59-10).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|G:\|)
      Eléments examinés: 174384
      Temps écoulé: 1 hour(s), 55 minute(s), 10 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 3
      Clé(s) du Registre infectée(s): 14
      Valeur(s) du Registre infectée(s): 3
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 3
      Fichier(s) infecté(s): 29

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\bffvlgyt.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\ljJdeeCS.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\ljJCTnkJ.dll (Trojan.Vundo.H) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ced93f6-8df4-4ef3-a74f-8455311431b9} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{2ced93f6-8df4-4ef3-a74f-8455311431b9} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c158b9-fa74-4e49-971e-708f37b235d7} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjctnkj (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{99c158b9-fa74-4e49-971e-708f37b235d7} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0789878 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99c158b9-fa74-4e49-971e-708f37b235d7} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdeecs -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdeecs -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (softwarereferral.com/jump.php?wmid=6010&mid=mji6ojg5&lid=2) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\ljJdeeCS.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\SCeedJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\SCeedJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ljJCTnkJ.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\bffvlgyt.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\tyglvffb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hgGyvWqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXrPhhE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ljJCuSLc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jkkHWOEx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jkkHWOgf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jkkLBqOf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\khfCrqRh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{E9E085E7-2D04-46BF-BF24-710AADD73283}\RP521\A0087493.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
      C:\Documents and Settings\clovis\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\photo album.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\Documents and Settings\clovis\Application Data\TmpRecentIcons\VirusRemover2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fatherted Messages postés 34 Statut Membre 1
     
    j'ai un petit souci : ça ne veut pas mettre à jour malwarebytes!
    j'ai pourtant ajouté ce programme aux exceptions pare feu windows mais sans succès...
    Malgré ça j'ai qd mm lancé le scan complet.
    0
  7. Utilisateur anonyme
     
    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  8. fatherted Messages postés 34 Statut Membre 1
     
    Voici le rapport:

    ComboFix 08-10-27.01 - clovis 2008-10-27 22:34:27.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1584 [GMT 1:00]

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\MSINET.oca

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://megauplinkbindinstaller.com
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv
    -------\Legacy_TDSSserv
    -------\Legacy_NPF
    -------\Legacy_TDSSSERV.SYS

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-27 19:50 . 2008-10-27 19:50 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-27 19:50 . 2008-10-27 19:50 <REP> d-------- C:\Documents and Settings\clovis\Application Data\Malwarebytes
    2008-10-27 19:50 . 2008-10-27 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-27 19:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-27 19:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-27 18:51 . 2008-10-27 19:15 3,958 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-27 18:49 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-10-27 18:49 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-10-27 18:49 . 2008-09-08 22:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-10-27 18:49 . 2008-10-01 14:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-10-27 18:49 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
    2008-10-27 18:49 . 2008-05-18 20:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-10-27 18:49 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-10-27 18:49 . 2008-08-18 11:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-10-27 18:49 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-10-27 18:49 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-10-27 18:49 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-10-27 17:37 . 2008-10-27 17:37 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-27 01:05 . 2004-08-05 13:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
    2008-10-27 01:05 . 2004-08-05 13:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
    2008-10-27 00:08 . 2008-10-27 00:08 19,823 --a------ C:\Documents and Settings\All Users\Application Data\logymobo.dat
    2008-10-27 00:08 . 2008-10-27 00:08 19,636 --a------ C:\Documents and Settings\clovis\Application Data\agusizopi.bat
    2008-10-27 00:08 . 2008-10-27 00:08 18,518 --a------ C:\WINDOWS\system32\iruti._dl
    2008-10-27 00:08 . 2008-10-27 00:08 18,175 --a------ C:\Program Files\Fichiers communs\ceba.exe
    2008-10-27 00:08 . 2008-10-27 00:08 17,514 --a------ C:\Program Files\Fichiers communs\wemy.scr
    2008-10-27 00:08 . 2008-10-27 00:08 16,586 --a------ C:\WINDOWS\system32\jese.dl
    2008-10-27 00:08 . 2008-10-27 00:08 16,399 --a------ C:\WINDOWS\derizifu.ban
    2008-10-27 00:08 . 2008-10-27 00:08 14,951 --a------ C:\WINDOWS\system32\ijevigi.dll
    2008-10-27 00:08 . 2008-10-27 00:08 13,457 --a------ C:\WINDOWS\system32\nyxegimo.inf
    2008-10-27 00:08 . 2008-10-27 00:08 12,803 --a------ C:\WINDOWS\ysew.pif
    2008-10-27 00:08 . 2008-10-27 00:08 12,724 --a------ C:\Documents and Settings\All Users\Application Data\bowohawyg.dll
    2008-10-27 00:08 . 2008-10-27 00:08 12,623 --a------ C:\WINDOWS\system32\uqawyhod.pif
    2008-10-27 00:08 . 2008-10-27 00:08 11,595 --a------ C:\Documents and Settings\clovis\Application Data\pyju.scr
    2008-10-27 00:03 . 2008-10-27 00:03 60,578 --a------ C:\WINDOWS\system32\wini10803.exe
    2008-10-26 23:52 . 2008-10-26 23:52 40,448 --a------ C:\WINDOWS\system32\av.dat
    2008-10-26 22:05 . 2008-10-26 22:05 101,888 --a------ C:\WINDOWS\system32\kbzsle.dll
    2008-10-26 22:05 . 2008-10-26 22:05 101,888 --a------ C:\WINDOWS\system32\hmlblcjv.dll
    2008-10-26 22:04 . 2008-10-26 22:04 1,399,974 ---hs---- C:\WINDOWS\system32\xcewqoml.ini
    2008-10-26 21:05 . 2008-10-26 21:05 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
    2008-10-24 13:09 . 2008-10-24 13:09 <REP> dr-h----- C:\Documents and Settings\clovis\Application Data\SecuROM
    2008-10-24 13:07 . 2008-05-30 13:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
    2008-10-24 13:07 . 2008-05-30 13:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-10-24 13:07 . 2008-05-30 13:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
    2008-10-24 13:07 . 2008-03-05 15:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
    2008-10-24 13:07 . 2008-05-30 13:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
    2008-10-24 13:07 . 2008-05-30 13:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
    2008-10-24 13:07 . 2008-03-05 15:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
    2008-10-24 13:07 . 2008-05-30 13:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-10-24 13:07 . 2008-05-30 13:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-10-24 13:05 . 2008-10-24 13:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-10-24 13:05 . 2008-10-24 13:05 22,328 --a------ C:\Documents and Settings\clovis\Application Data\PnkBstrK.sys
    2008-10-24 13:04 . 2008-10-24 13:04 2,250,024 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-10-24 13:04 . 2008-10-24 13:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-10-24 13:04 . 2008-10-24 13:04 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-10-23 17:50 . 2008-10-15 17:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-22 12:33 . 2008-10-26 22:00 <REP> d-------- C:\Documents and Settings\clovis\Application Data\HPAppData
    2008-10-22 12:26 . 2008-10-22 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
    2008-10-22 12:24 . 2008-10-22 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2008-10-22 12:24 . 2007-10-20 12:45 729,088 -ra------ C:\WINDOWS\system32\hpowiax7.dll
    2008-10-22 12:24 . 2007-10-20 12:45 581,632 -ra------ C:\WINDOWS\system32\hpotscl6.dll
    2008-10-22 12:24 . 2007-10-29 05:25 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
    2008-10-22 12:24 . 2007-10-20 12:45 303,104 -ra------ C:\WINDOWS\system32\hpovst15.dll
    2008-10-22 12:24 . 2007-10-20 17:25 118,272 --a------ C:\WINDOWS\system32\hpz3l5mu.dll
    2008-10-22 12:20 . 2008-10-22 12:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2008-10-22 12:20 . 2008-10-22 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2008-10-22 12:20 . 2008-10-22 12:20 0 --a------ C:\WINDOWS\system32\ُُ
    2008-10-22 12:19 . 2008-10-22 12:19 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-10-22 12:19 . 2008-10-22 12:19 <REP> d-------- C:\Program Files\Fichiers communs\HP
    2008-10-22 12:19 . 2008-10-22 12:19 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
    2008-10-22 12:16 . 2008-10-22 12:29 181,038 --a------ C:\WINDOWS\hpoins28.dat
    2008-10-22 12:16 . 2007-12-11 20:01 932 --------- C:\WINDOWS\hpomdl28.dat
    2008-10-16 21:35 . 2008-10-16 21:35 <REP> d-------- C:\Documents and Settings\clovis\.spss
    2008-10-16 21:04 . 2008-10-16 21:04 <REP> d-------- C:\Program Files\SPSSInc
    2008-10-16 21:04 . 2008-10-16 21:04 <REP> d-------- C:\Program Files\Fichiers communs\SPSS
    2008-10-16 21:04 . 2008-10-16 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SPSS
    2008-10-16 17:45 . 2008-10-16 17:45 1,024 --a------ C:\WINDOWS\system32\grcauth2.dll
    2008-10-16 17:45 . 2008-10-16 17:45 1,024 --a------ C:\WINDOWS\system32\grcauth1.dll
    2008-10-16 17:45 . 2008-10-16 21:32 114 --a------ C:\WINDOWS\system32\prsgrc.tgz
    2008-10-16 17:45 . 2008-10-16 21:32 100 --a------ C:\WINDOWS\system32\prsgrc.dll
    2008-10-16 17:40 . 2008-10-16 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    2008-10-16 17:37 . 2008-10-16 17:37 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
    2008-10-16 17:37 . 2008-10-16 17:37 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
    2008-10-16 17:37 . 2008-10-16 21:03 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
    2008-10-16 17:37 . 2008-10-16 21:03 205 --a------ C:\WINDOWS\system32\lsprst7.dll
    2008-10-16 17:37 . 2008-10-16 21:03 16 ---h----- C:\WINDOWS\system32\servdat.slm
    2008-10-16 17:00 . 2008-10-16 21:03 0 --a------ C:\law.sp
    2008-10-15 23:19 . 2008-09-15 16:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-15 23:19 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 23:18 . 2008-08-14 14:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 23:18 . 2008-08-14 14:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 23:18 . 2008-08-14 14:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 23:18 . 2008-08-14 14:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-14 18:19 . 2008-10-14 18:19 <REP> d-------- C:\WINDOWS\system32\fr
    2008-10-14 18:19 . 2008-10-14 18:19 <REP> d-------- C:\WINDOWS\system32\bits
    2008-10-14 18:09 . 2008-10-14 18:09 <REP> d-------- C:\WINDOWS\EHome
    2008-10-13 13:48 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-13 13:48 . 2008-04-17 12:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-13 13:47 . 2008-10-13 13:48 <REP> d-------- C:\Program Files\iTunes
    2008-10-13 13:47 . 2008-10-13 13:47 <REP> d-------- C:\Program Files\iPod
    2008-10-13 13:47 . 2008-10-13 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-13 13:33 . 2008-10-13 13:33 <REP> d-------- C:\Program Files\Bonjour
    2008-10-13 13:32 . 2008-10-13 13:33 <REP> d-------- C:\Program Files\QuickTime
    2008-10-05 17:10 . 2008-10-05 17:10 <REP> d-------- C:\WINDOWS\l2schemas
    2008-10-05 17:08 . 2008-10-05 17:10 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-10-04 03:04 . 2008-10-04 03:04 <REP> d-------- C:\Program Files\BitTorrent
    2008-10-03 14:52 . 2008-10-03 14:52 <REP> d-------- C:\Program Files\DNA
    2008-10-03 14:52 . 2008-10-27 22:30 <REP> d-------- C:\Documents and Settings\clovis\Application Data\DNA
    2008-10-03 14:52 . 2008-10-26 21:06 <REP> d-------- C:\Documents and Settings\clovis\Application Data\BitTorrent
    2008-10-03 14:51 . 2008-10-03 14:51 <REP> d-------- C:\Program Files\LimeWire
    2008-10-03 13:47 . 2008-10-03 13:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
    2008-10-03 13:42 . 2008-10-03 13:42 <REP> d-------- C:\Program Files\Philips_VLounge
    2008-10-03 13:42 . 1995-08-01 03:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-10-03 13:41 . 2008-10-03 13:41 <REP> d-------- C:\Program Files\Philips
    2008-10-03 13:41 . 2007-07-06 18:26 3,033,856 --a------ C:\WINDOWS\system32\drivers\spc1300.sys
    2008-10-03 13:41 . 2007-05-31 14:54 675,840 --a------ C:\WINDOWS\vspc1300.exe
    2008-10-03 13:41 . 2007-07-06 13:58 483,328 --a------ C:\WINDOWS\system32\vspc1300.dll
    2008-10-03 13:41 . 2007-07-16 10:28 88,320 --a------ C:\WINDOWS\system32\drivers\phaudlwr.sys
    2008-10-03 13:41 . 2005-11-23 12:55 53,248 --a------ C:\WINDOWS\system32\cspc1300.dll
    2008-10-03 13:41 . 2007-06-01 15:39 28,672 --a------ C:\WINDOWS\system32\drivers\spc1300c.sys
    2008-10-03 13:41 . 2006-05-19 10:39 15,497 --a------ C:\WINDOWS\spc1300.ini
    2008-10-03 13:41 . 2006-05-19 10:53 13,022 --a------ C:\WINDOWS\spc1300.src
    2008-10-02 19:26 . 2008-04-11 20:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-27 01:08 . 2008-09-27 01:08 <REP> d-------- C:\Musique

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-26 23:08 16,049 ----a-w C:\Program Files\Fichiers communs\irihe.inf
    2008-10-24 13:13 --------- d-----w C:\Program Files\Wanadoo
    2008-10-24 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-24 11:58 --------- d-----w C:\Program Files\Ubisoft
    2008-10-24 01:03 --------- d-----w C:\Documents and Settings\clovis\Application Data\ArcSoft
    2008-10-22 11:26 --------- d-----w C:\Documents and Settings\clovis\Application Data\HP
    2008-10-22 11:25 --------- d-----w C:\Program Files\HP
    2008-10-22 10:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-21 18:58 --------- d-----w C:\Documents and Settings\clovis\Application Data\LimeWire
    2008-10-15 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-13 12:32 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-13 12:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-10-02 17:26 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-06 23:37 --------- d-----w C:\Documents and Settings\clovis\Application Data\Panasonic
    2008-09-06 23:23 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2008-09-06 23:22 --------- d-----w C:\Program Files\ArcSoft
    2008-09-06 23:20 --------- d-----w C:\Program Files\Panasonic
    2006-01-31 15:39 8 -csh--r C:\WINDOWS\system32\6C9E850446.sys
    2006-09-03 13:37 56 -csh--r C:\WINDOWS\system32\BA58F317A6.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-11-25 20480]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-03 289088]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-02 7557120]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 497376]
    "MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-11 32768]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-10-16 24576]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-10-16 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-10-16 53248]
    "ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
    "SPC1300"="C:\WINDOWS\vspc1300.exe" [2007-05-31 675840]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\clovis\Menu D‚marrer\Programmes\D‚marrage\
    OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-08-29 954475]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-11-25 450560]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-05 784912]
    PHOTOfunSTUDIO -viewer-.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-09-07 40960]
    TrayMin1300.lnk - C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2008-10-03 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 09:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "C:\\Program Files\\BitTorrent\\BitTorrent.exe"= C:\\Program Files\\BitTorrent\\bittorrent.exe
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
    "C:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
    "C:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{121d391b-b7b0-11db-bf8c-00038a000015}]
    \Shell\AutoRun\command - ~tmp0.1st.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}]
    \Shell\AutoRun\command - G:\RavMon.exe
    \Shell\explore\Command - G:\RavMon.exe -e
    \Shell\open\Command - G:\RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{311daa7d-95ae-11db-bf60-4d6564696130}]
    \Shell\AutoRun\command - I:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{436f5e79-095f-11dc-bffe-00038a000015}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-10-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
    - C:\Documents and Settings\clovis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

    2008-10-22 C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 19:40]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-{EF331C30-03C4-4CC9-B520-E4C41DB9AFAE} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll
    HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKLM-Run-autoclk - autoclk.exe
    HKLM-Run-adiras - adiras.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=mji6ojg5&lid=2
    R1 -: HKCU-Internet Settings,ProxyOverride = localhost;*.local
    O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_32.cab
    C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-27 22:44:14
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSmxst.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\clovis\LOCALS~1\Temp\mc23.tmp"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-27 22:50:06 - La machine a redémarré [clovis]
    ComboFix-quarantined-files.txt 2008-10-27 21:49:57

    Avant-CF: 11,057,405,952 octets libres
    Après-CF: 11,620,569,088 octets libres

    343 --- E O F --- 2008-10-23 17:01:20
    0
  9. Utilisateur anonyme
     
    Telecharge UsbFix sur ton bureau

    --> Lance l installation avec les parametres par default

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci UsbFix sur ton bureau

    --> Le pc va redémarer

    -->Apres redémarrage post le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
    0
  10. fatherted Messages postés 34 Statut Membre 1
     
    -------------- UsbFix V2.395 ---------------

    * User : clovis - CLOCLO
    * Outils mis a jours le 27/10/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 23:08:31 le 27/10/2008
    * Windows Xp - Internet Explorer 7.0.5730.11

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\userinit.exe
    C:\DOCUME~1\clovis\LOCALS~1\Temp\1.tmp\b2e.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur fixe

    E: - Lecteur fixe

    G: - Lecteur fixe

    H: - Lecteur de CD-ROM

    +- Contenu de l'autorun : H:\autorun.inf

    [AutoRun]
    OPEN=autorun.exe
    ICON=app.ico

    --------------- [ Registre / Startup ] ----------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
    DXM6Patch_981116 REG_SZ C:\WINDOWS\p_981116.exe /Q:A
    MessagerStarter Wanadoo REG_SZ C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    WooCnxMon REG_SZ C:\PROGRA~1\Wanadoo\CnxMon.exe
    WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
    WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    ArcSoft Connection Service REG_SZ C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    SPC1300 REG_SZ C:\WINDOWS\vspc1300.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121d391b-b7b0-11db-bf8c-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-3889398425-3364761815-2410325488-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121d391b-b7b0-11db-bf8c-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-3889398425-3364761815-2410325488-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}\Shell\explore\Command
    Supprimé ! - HKEY_USERS\S-1-5-21-3889398425-3364761815-2410325488-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}\Shell\open\Command
    Supprimé ! - HKEY_USERS\S-1-5-21-3889398425-3364761815-2410325488-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d87c080-0cb6-11dd-817d-0013024aca1f}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{311daa7d-95ae-11db-bf60-4d6564696130}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-3889398425-3364761815-2410325488-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{311daa7d-95ae-11db-bf60-4d6564696130}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{436f5e79-095f-11dc-bffe-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-3889398425-3364761815-2410325488-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{436f5e79-095f-11dc-bffe-00038a000015}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Echec de la supression !! - H:\autorun.inf
    Echec de la supression !! - H:\autorun.exe
    Echec de la supression !! - H:\setup.exe
    Echec de la supression !! - H:\autorun.inf
    Echec de la supression !! - H:\autorun.inf

    --------------- ! Fin du rapport ! ----------------
    0
  11. Utilisateur anonyme
     
    * Télécharge SDFix depuis ce lien : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    * Enregistre SDFix sur ton bureau
    * Double-clique sur l'icone SDFix
    * Une fenêtre s'ouvre, laisse les options telles quelles puis clique sur le bouton InstallSDFix .

    Pour la suite le nettoyage se fait en mode sans échec.

    Pour redémarrer en mode sans échec :

    * Redémarre ton PC, avant le logo Windows et après le changement du premier écran
    * Tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuie sur la touche entrée du clavier.
    * Pour plus d'informations, voir la page comment redémarrer en mode sans échec

    * Une fois en mode sans échec, clique sur le menu Démarrer puis Exécuter et colle la commande suivant :
    C:\SDFix\RunThis.bat
    * Cliquez sur OK.
    * Une fenêtre noire s'ouvre vous donnant la version du Fix.
    * Appuyez sur la touche Y (pour yes) du clavier et appuyez sur Entrée

    *A ce moment le bureau (Menu Démarrer etc.) va disparaître.

    * Le Fix commence son travail, cela peut durer une trentaines de minutes
    * Une fois les opérations de nettoyage effectuées... SDFix signale que l'ordinateur doit être redémarré :

    >>>The PC Will now restart

    * Appuie sur une touche du clavier

    * L'ordinateur va redémarrer normalement.
    * Avant d'arriver sur le bureau, une nouvelle fenêtre de SDFix va s'ouvrir. Ca peut durer cinq minutes...

    >> Le rapport SDFix s'ouvre alors fais un copier coller et envoi le.

    0
  12. fatherted Messages postés 34 Statut Membre 1
     
    [b]SDFix: Version 1.238 [/b]
    Run by clovis on 27/10/2008 at 23:32

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
    C:\DOCUME~1\CLOVIS\COOKIES\UCOPAT~1.DLL - Deleted
    C:\DOCUME~1\CLOVIS\COOKIES\XASYLIP.REG - Deleted
    C:\Documents and Settings\clovis\Bureau\Malware Defender.url - Deleted
    C:\Documents and Settings\clovis\Favoris\Malware Defender.url - Deleted
    C:\Documents and Settings\clovis\Bureau\Protect Your Privacy.url - Deleted
    C:\Documents and Settings\clovis\Favoris\Protect Your Privacy.url - Deleted
    C:\Documents and Settings\clovis\Bureau\System Error Fixer.url - Deleted
    C:\Documents and Settings\clovis\Favoris\System Error Fixer.url - Deleted
    C:\WINDOWS\system32\wini10803.exe - Deleted
    C:\WINDOWS\Temp\TDSS3912.tmp - Deleted
    C:\WINDOWS\Temp\TDSS3922.tmp - Deleted
    C:\WINDOWS\Temp\TDSS7526.tmp - Deleted
    C:\Documents and Settings\clovis\Bureau\AntiSpywareXP2009.lnk - Deleted
    C:\Documents and Settings\clovis\Bureau\Total Secure 2009.lnk - Deleted
    C:\WINDOWS\SYSTEM32\TDSSNPUR.DLL - Deleted
    C:\WINDOWS\SYSTEM32\TDSSARXX.DLL - Deleted
    C:\WINDOWS\SYSTEM32\TDSSVOQM.DLL - Deleted
    C:\WINDOWS\SYSTEM32\TDSSMTVE.DAT - Deleted
    C:\WINDOWS\SYSTEM32\TDSSOIQH.LOG - Deleted
    C:\WINDOWS\SYSTEM32\TDSSNMXH.LOG - Deleted

    Could Not Remove C:\WINDOWS\SYSTEM32\TDSSOITU.DLL
    Could Not Remove C:\WINDOWS\SYSTEM32\DRIVERS\TDSSMXST.SYS

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-27 23:46:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    disk error: C:\WINDOWS\system32\config\system, 0
    scanning hidden registry entries ...

    disk error: C:\WINDOWS\system32\config\software, 0
    disk error: C:\Documents and Settings\clovis\ntuser.dat, 0
    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
    "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax"
    "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramŠtres"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\BitTorrent\\BitTorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\SPSSInc\\SPSS16\\spss.com"="C:\\Program Files\\SPSSInc\\SPSS16\\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)"
    "C:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"="C:\\Program Files\\SPSSInc\\SPSS16\\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)"
    "C:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"="C:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe:*:Enabled:Far Cry 2"
    "C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
    "C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Editeur"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
    "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
    "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
    "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax"
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
    "C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
    "C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
    "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
    "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:enabled:Nero MediaHome"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    C:\WINDOWS\SYSTEM32\TDSSOITU.DLL Found
    C:\WINDOWS\SYSTEM32\DRIVERS\TDSSMXST.SYS Found

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Tue 31 Jan 2006 8 ..SHR --- "C:\WINDOWS\system32\6C9E850446.sys"
    Sun 3 Sep 2006 56 ..SHR --- "C:\WINDOWS\system32\BA58F317A6.sys"
    Wed 27 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 2 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 27 Oct 2008 192 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
    Fri 24 Oct 2008 910 ...HR --- "C:\Documents and Settings\clovis\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\afcagug.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\alc31i2.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\eexohov.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\hhg1yw9.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\krfvaa5.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\mbnn9ry.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ol68h33.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\r6laf39.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\v8i9bgy.dll"
    Thu 16 Oct 2008 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\wnau908.dll"

    [b]Finished![/b]
    0
  13. Utilisateur anonyme
     
    Salut,

    coment va le pc ?

    refais un scan hijackthis et post le rapport stp
    0
  14. fatherted Messages postés 34 Statut Membre 1
     
    Salut,
    Le pc se porte bcp mieux merci.
    Voici le scan hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:39:43, on 28/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\WINDOWS\vspc1300.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\clovis\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [SPC1300] C:\WINDOWS\vspc1300.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    O4 - Global Startup: TrayMin1300.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  15. Utilisateur anonyme
     
    réouvre hijackthis
    fais scan only
    coches ces lignes :

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    tu les coches et tu clic sur fix checked

    ensuite :

    Démarrer > executer > tape : services.msc

    - Clic droit sur le service cité - SQLAgent$PINNACLESYS
    - propriétés
    - et dans "type de démarrage" et mets le sur « désactivé ».
    - Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

    Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

    ensuite désinstal java car pas a jours et telecharge et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    idem pour adobe reader :

    https://get2.adobe.com/reader/otherversions/

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->Antivir le telecharger

    tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
    tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

    Pour désinstaller Avast telecharge cet outil

    ensuite :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://pc-system.fr/
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    http://download.piriform.com/ccsetup210.exe

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    -> Tuto : https://www.malekal.com/tutoriel-ccleaner/

    Désactive et réactive ta restauration system :

    (1) Désactiver la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Coches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    (2) Activer la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Décoches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

    0
  16. fatherted Messages postés 34 Statut Membre 1
     
    J'ai un problème puisque je n'arrive pas à télécharger Antivir, j'ai tout le temps une page "internet explorer ne peut pas afficher cette page web" alors que je suis connecté à internet!
    Je ne sais pas quoi faire...
    0
  17. fatherted Messages postés 34 Statut Membre 1
     
    non ça ne fonctionne tjrs pas, rien ne se passe et si je clique sur les liens proposés, j'obtiens tjrs le mm message que tt a l'heure!
    0
  18. fatherted
     
    J'ai lancé Ccleaner, fais le nettoyage, mais tjrs rien...
    Je n'arrive mm pas à ouvrir les tutos!
    Je ne comprends pas ce qu'il se passe...
    0
  19. Utilisateur anonyme
     
    c est bizarre je sais que le site bug ...

    tape antivir dans google et essai de le telecharger pur voir
    0
  • 1
  • 2