Virus/Trojan : Fond d'écran bizarre, alertes.Résolu/Fermé

Question

Bonjour,

Depuis hier je suis victime d'un cheval de troie qui a modifié mon fond d'écran (et m'empêche de remettre celui que je veux), fait des bruitages, essaie de mettre des films X dans mes favoris... et qui m'envoie des alertes toutes les trois minutes. Kapersky et Ad-Aware n'ont pas réussi à me l'enlever. Apparemment je n'ai perdu aucun fichier...

J'ai fait un scan avec Hijackthis, le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:21, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\vlc.exe
C:\WINDOWS\wdmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\DOCUME~1\TAVARES\LOCALS~1\Temp\xxx7337.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\DOCUME~1\TAVARES\LOCALS~1\Temp\~tmpb.exe
C:\WINDOWS\system32\4W7e83eV.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008\TrayServer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSFox] D:\DOCUME~1\TAVARES\LOCALS~1\Temp\xxx7337.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

sKe69 · Answer

Salut,


très infecté ...


fais ceci pour commencer :


1- Désactiver le redémarrage automatique :

A) Aller dans le menu "Démarrer"/"Panneau de configuration", puis "Performances et maintenance" et enfin "Système" .
Ou bien en faisant un clic-droit sur "Poste de travail" ( sur "ordinateur" pour Vista ) et en sélectionnant "Propriétés" .
 
B) Cliquez sur l'onglet "Avancé" ( pour Vista , cliquer dans "tâche" sur "paramètre systeme avancés" )
C) Ensuite , dans le 3eme paragraphe "Démarrage et récupération" , cliquer sur "paramètre" .
D) Dans le paragraphe "Défaillance du système" : décocher "Redémarrer automatiquement" .

puis cliquer sur "Ok" , "appliquer" et encore "Ok" pour valider la modif . 

Conseil : laisses ces paramètres par la suite ...


2- Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Installes le soft sur ton bureau ( et pas ailleurs! ) .

!! Déconnectes toi, fermes toute tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!


Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php
Autre tuto animé ( merci balltrapp34 ;) ) : http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm
 
Utilisation ---> option 1 / Recherche : 
Double cliques sur l'icône "Smitfraudfix.exe" et sélectionnes 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.
 
Postes le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite ...

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool". Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

jlpjlp · Answer

slt

installe malwarebyte et colle un rapport minutieux avec:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

M.Templier · Answer

Merci à vous de m'aider ! Voici le rapport obtenu avec SmitfraudFix :

SmitFraudFix v2.368

Rapport fait à 18:32:28,35, 28/10/2008
Executé à partir de D:\Documents and Settings\TAVARES\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\vlc.exe
C:\WINDOWS\wdmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\DOCUME~1\TAVARES\LOCALS~1\Temp\xxx7337.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\DOCUME~1\TAVARES\LOCALS~1\Temp\~tmpb.exe
C:\WINDOWS\system32\4W7e83eV.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\

D:\autorun.inf PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\msxml71.dll PRESENT !
C:\WINDOWS\system32\scui.cpl PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\TAVARES


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\TAVARES\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\TAVARES\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"IPC Configuration Utility"="IPC Configuration Utility"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]
@="D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]
@="D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E24E4620-49DD-4188-BA8A-492D6BD3EFC0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E24E4620-49DD-4188-BA8A-492D6BD3EFC0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E24E4620-49DD-4188-BA8A-492D6BD3EFC0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

sKe69 · Answer

bien ...

Suite de la manipe ( nettoyage ), fais exactement ce qui suit : 

Impératif : Démarrer en mode sans echec .

 /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\ 

Comment aller en Mode sans échec :
1) Redémarres ton ordi .
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage . 
4) Choisis la première option : Sans Échec , et valides en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ). 
attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...
 
* Double-cliques sur SmitfraudFix.exe 

* Sélectionnes 2 et presses "Entrée" dans le menu pour supprimer les fichiers responsables de l'infection. 

--> Si besion :

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection. 

( Le correctif déterminera si le fichier wininet.dll est infecté.)
 
* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée 
pour remplacer le fichier corrompu. 

* Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage ( sinon fais le manuellement ) 

Le rapport se trouve à la racine de C\: 
(dans le fichier "rapport.txt") 

Postes moi ce dernier rapport accompagné, dans la même réponse, d'un nouveau rapport 
hijackthis ( fais en mode normal ) et attends les instructions ...

jlpjlp · Answer

slt tu as raison je voulais varier

je te laisse faire !!

a plus amigo

M.Templier · Answer

Désolé mais je n'arrive pas du tout à accéder au menu pour choisir le mode sans échec, même en lapidant F8 ou F5 au démarrage...(toujorus Packard Bell au démarrage). Y'a pas un autre moyen pour y accéder ?

M.Templier · Answer

Pourtant y'a bien marqué F8 Boot Device. :S
J'essaie une dernière fois.

sKe69 · Answer

Il faut tapotter sans discontinuer de l'alumage du PC , jusqu'a l'apparition du menu de démarrage ... ;)


Si cela n'est toujours pas possible , fais moi le savoir ...

M.Templier · Answer

Non, rien à faire -_-"

Faut passer par MSConfig non ?

M.Templier · Answer

Voilà le message qu'il m'affiche :

"la modification du registre a été désactivée par votre aministrateur"

Pourtant je n'ai qu'une seule session...

C'est peut-être l'oeuvre du virus ?

sKe69 · Answer

Lances la suite de la manipe de Smithfraudfix en mode normal et postes moi les rapports demandés ....

M.Templier · Answer

SmitFraudFix v2.368

Rapport fait à 20:24:48,89, 28/10/2008
Executé à partir de D:\Documents and Settings\TAVARES\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"IPC Configuration Utility"="IPC Configuration Utility"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]
@="D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]
@="D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

D:\autorun.inf supprimé
C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé
Problème suppression C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\scui.cpl supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E24E4620-49DD-4188-BA8A-492D6BD3EFC0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E24E4620-49DD-4188-BA8A-492D6BD3EFC0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E24E4620-49DD-4188-BA8A-492D6BD3EFC0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"IPC Configuration Utility"="IPC Configuration Utility"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]
@="D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]
@="D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll"



»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\msxml71.dll supprimé 
 

»»»»»»»»»»»»»»»»»»»»»»»» Fin




Et le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:08, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\vlc.exe
C:\WINDOWS\wdmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008\TrayServer.exe
O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

sKe69 · Answer

Bien ... on continue :


1- Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre . 
Lors de l'installation: 
-choisis bien "francais" en langue . 
-avant de cliquer sur le bouton "installer", décoches toutes les "options supplémentaires" sauf les 2 premières. 


Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage 
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )


2- Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! 

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ... 
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil . 
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité 
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )

M.Templier · Answer

Voilà :


   -----------\  ToolBar S&D 1.2.4   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) D CPU 3.00GHz )
   BIOS : Award Medallion BIOS v6.00PG
   USER : TAVARES ( Administrator )
   BOOT : Normal boot
   Antivirus : Kaspersky Internet Security 7.0.0.119 (Activated)
   Firewall  : Kaspersky Anti-Hacker 1.7.0.130 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:226 Go (Free:207 Go)
   D:\ (Local Disk) - NTFS - Total:232 Go (Free:198 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD)
   G:\ (USB)

   "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
   Option : [1] ( 28/10/2008|21:14 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\Hbtools
   C:\Program Files\Hbtools\Bin
   C:\Program Files\Hbtools\HbTools.log
   C:\Program Files\Hbtools\HbTools_1141916432.log
   C:\Program Files\Hbtools\HbTools_1143967208.log
   C:\Program Files\Hbtools\HbTools_1147544648.log
   C:\Program Files\Hbtools\HbTools_1149885486.log
   C:\Program Files\Hbtools\HbTools_1156883969.log
   C:\Program Files\Hbtools\HBTV
   C:\Program Files\HbTools_Icons
   C:\Program Files\HbTools_Icons\games2.ico
   C:\Program Files\HbTools_Icons\wallpapere1.ico
   C:\Program Files\Hotbar
   C:\Program Files\ShopperReports
   C:\Program Files\ShopperReports\Bin
   C:\Program Files\ShopperReports\cs
   C:\Program Files\ShopperReports\Uninst.exe
   D:\DOCUME~1\TAVARES\LOCALS~1\Temp\ICD1.tmp

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections

   --------------------\  ROGUES ..

   C:\PROGRA~1\Antivirus 2009
   C:\PROGRA~1\Error Safe Free




   1 - "C:\ToolBar SD\TB_1.txt" - 28/10/2008|21:17 - Option : [1]

   -----------\  Fin du rapport a 21:17:10,01

sKe69 · Answer

la suite :

Nettoyage avec ToolBar S&D :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!  

Relances Toolbar-S&D en double-cliquant sur le raccourci. 
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée". 

Note : ne touches à rien lors de la suppression ! 

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...

M.Templier · Answer

-----------\  ToolBar S&D 1.2.4   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) D CPU 3.00GHz )
   BIOS : Award Medallion BIOS v6.00PG
   USER : TAVARES ( Administrator )
   BOOT : Normal boot
   Antivirus : Kaspersky Internet Security 7.0.0.119 (Activated)
   Firewall  : Kaspersky Anti-Hacker 1.7.0.130 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:226 Go (Free:207 Go)
   D:\ (Local Disk) - NTFS - Total:232 Go (Free:198 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD)
   G:\ (USB)

   "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
   Option : [2] ( 28/10/2008|21:29 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\Hbtools\Bin
   Supprime! - C:\Program Files\Hbtools\HbTools.log
   Supprime! - C:\Program Files\Hbtools\HbTools_1141916432.log
   Supprime! - C:\Program Files\Hbtools\HbTools_1143967208.log
   Supprime! - C:\Program Files\Hbtools\HbTools_1147544648.log
   Supprime! - C:\Program Files\Hbtools\HbTools_1149885486.log
   Supprime! - C:\Program Files\Hbtools\HbTools_1156883969.log
   Supprime! - C:\Program Files\Hbtools\HBTV
   Supprime! - C:\Program Files\HbTools_Icons\games2.ico
   Supprime! - C:\Program Files\HbTools_Icons\wallpapere1.ico
   Supprime! - C:\Program Files\ShopperReports\Bin
   Supprime! - C:\Program Files\ShopperReports\cs
   Supprime! - C:\Program Files\ShopperReports\Uninst.exe
   Supprime! - D:\DOCUME~1\TAVARES\LOCALS~1\Temp\ICD1.tmp
   Supprime! - C:\Program Files\Hbtools
   Supprime! - C:\Program Files\HbTools_Icons
   Supprime! - C:\Program Files\Hotbar
   Supprime! - C:\Program Files\ShopperReports

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  ROGUES ..

   C:\PROGRA~1\Antivirus 2009
   C:\PROGRA~1\Error Safe Free




   1 - "C:\ToolBar SD\TB_1.txt" - 28/10/2008|21:17 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 28/10/2008|21:31 - Option : [2]

   -----------\  Fin du rapport a 21:31:28,43



Et Hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:20, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\vlc.exe
C:\WINDOWS\wdmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008\TrayServer.exe
O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - D:\DOCUME~1\TAVARES\LOCALS~1\Temp\wndutl32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

sKe69 · Answer

Bien ... une bonne chose de faite ...mais le gros du boulot reste à faire ...


fesons une petite vérif avant de poursuivre :


1- Avoir accès aux fichiers cachés :
 
Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage 
* "Afficher les fichiers et dossiers cachés" ---> coché 
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché 
* "masquer les fichiers du système" ---> décoché
-> valides la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )


2- Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Copies ce qui suit et colles le dans l'espace pour la recherche : 
C:\Program Files\MIC\HAWAII\Hawaii.exe 

Cliques sur Send File ( = " Envoyer le fichier " ). 

Un rapport va s'élaborer ligne à ligne. 

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copies le dans ta prochaine réponse ( surtout le listing des AV ) ... 

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

M.Templier · Answer

AhnLab-V3 2008.10.28.3 2008.10.28 - 
AntiVir 7.9.0.10 2008.10.28 - 
Authentium 5.1.0.4 2008.10.28 - 
Avast 4.8.1248.0 2008.10.28 - 
AVG 8.0.0.161 2008.10.28 - 
BitDefender 7.2 2008.10.28 - 
CAT-QuickHeal 9.50 2008.10.28 - 
ClamAV 0.93.1 2008.10.28 - 
DrWeb 4.44.0.09170 2008.10.28 - 
eSafe 7.0.17.0 2008.10.28 - 
eTrust-Vet 31.6.6177 2008.10.28 - 
Ewido 4.0 2008.10.28 - 
F-Prot 4.4.4.56 2008.10.28 - 
F-Secure 8.0.14332.0 2008.10.28 - 
Fortinet 3.117.0.0 2008.10.28 - 
GData 19 2008.10.28 - 
Ikarus T3.1.1.44.0 2008.10.28 - 
K7AntiVirus 7.10.510 2008.10.28 - 
Kaspersky 7.0.0.125 2008.10.28 - 
McAfee 5417 2008.10.28 - 
Microsoft 1.4005 2008.10.28 - 
NOD32 3563 2008.10.28 - 
Norman 5.80.02 2008.10.28 - 
Panda 9.0.0.4 2008.10.28 - 
PCTools 4.4.2.0 2008.10.28 - 
Prevx1 V2 2008.10.28 - 
Rising 21.01.12.00 2008.10.28 - 
SecureWeb-Gateway 6.7.6 2008.10.28 - 
Sophos 4.35.0 2008.10.28 - 
Sunbelt 3.1.1762.1 2008.10.28 - 
Symantec 10 2008.10.28 - 
TheHacker 6.3.1.1.132 2008.10.28 - 
TrendMicro 8.700.0.1004 2008.10.28 - 
VBA32 3.12.8.8 2008.10.28 - 
ViRobot 2008.10.28.1441 2008.10.28 - 
VirusBuster 4.5.11.0 2008.10.28 - 
Information additionnelle 
File size: 90112 bytes 
MD5...: e17ef8bd2c5f70a3b68bfbd088a5f50f 
SHA1..: 997ad51b9246fd528421462ee5ccf851ce503557 
SHA256: 4f5779f31d2a2d45b400fcfa3594d36a2c944dea923947b4abc4c88eeee30e2c 
SHA512: c817125e606b2f912406a9a113f3310aa6d23fc7465dc8f82f1f3437498fc6af
608f937327754570d19c83419f29e14f8dcafb8ae73fc2ac3e3499ea8ca46bd8 
PEiD..: - 
TrID..: File type identification
Win32 Executable Delphi generic (42.1%)
Win32 Executable Generic (24.4%)
Win32 Dynamic Link Library (generic) (21.7%)
Generic Win/DOS Executable (5.7%)
DOS Executable Generic (5.7%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401278
timedatestamp.....: 0x42d36a18 (Tue Jul 12 06:58:32 2005)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa000 0x9600 5.98 c6034252faf603e8dccd3b17cebb6dfe
.data 0xb000 0x2000 0x1000 4.99 99410549ff977f0d6cc2fe1e3e3ff75f
.tls 0xd000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0xe000 0x1000 0x200 0.20 8f44d0724849c751a3235cc78b4eeca6
.idata 0xf000 0x3000 0x3000 5.26 254ff3e33b29abd10624f7a69f53ad16
.edata 0x12000 0x6000 0x5200 5.30 2a25973ed34c10f0eb5132a01cb86d21
.rsrc 0x18000 0x2000 0x1800 5.55 773227025a6fa3d6e8edc52ee387653c
.reloc 0x1a000 0x2000 0x1600 6.79 b57427205370f9f6ce10e8ae4d5e5c1d

( 38 imports ) 
> vcl60.bpl: @Consts@initialization$qqrv, @Consts@Finalization$qqrv
> vcl60.bpl: @Graphics@initialization$qqrv, @Graphics@Finalization$qqrv
> vcl60.bpl: @Printers@initialization$qqrv, @Printers@Finalization$qqrv
> vcl60.bpl: @Stdctrls@initialization$qqrv, @Stdctrls@Finalization$qqrv, @Stdctrls@TButton@, @Stdctrls@TEdit@, @Stdctrls@TLabel@
> vcl60.bpl: @Extctrls@initialization$qqrv, @Extctrls@Finalization$qqrv, @Extctrls@TTimer@SetEnabled$qqro, @Extctrls@TTimer@
> vcl60.bpl: @Dialogs@initialization$qqrv, @Dialogs@Finalization$qqrv
> vcl60.bpl: @Clipbrd@initialization$qqrv, @Clipbrd@Finalization$qqrv
> vcl60.bpl: @Stdactns@initialization$qqrv, @Stdactns@Finalization$qqrv
> vcl60.bpl: @Winhelpviewer@initialization$qqrv, @Winhelpviewer@Finalization$qqrv
> vcl60.bpl: @Actnlist@initialization$qqrv, @Actnlist@Finalization$qqrv
> vcl60.bpl: @Forms@initialization$qqrv, @Forms@Finalization$qqrv, @Forms@TApplication@ShowException$qqrp18Sysutils@Exception, @Forms@TApplication@Run$qqrv, @Forms@TApplication@CreateForm$qqrp17System@TMetaClasspv, @Forms@TApplication@Initialize$qqrv, @Forms@TCustomForm@QueryInterface$qqsrx5_GUIDpv, @Forms@TCustomForm@UpdateActions$qqrv, @Forms@TCustomForm@ShowModal$qqrv, @Forms@TCustomForm@SetFocus$qqrv, @Forms@TCustomForm@CloseQuery$qqrv, @Forms@TCustomForm@Resizing$qqr18Forms@TWindowState, @Forms@TCustomForm@PaintWindow$qqrui, @Forms@TCustomForm@SetFocusedControl$qqrp20Controls@TWinControl, @Forms@TCustomForm@DefaultHandler$qqrpv, @Forms@TCustomForm@DestroyWindowHandle$qqrv, @Forms@TCustomForm@CreateWindowHandle$qqrrx22Controls@TCreateParams, @Forms@TCustomForm@CreateWnd$qqrv, @Forms@TCustomForm@CreateParams$qqrr22Controls@TCreateParams, @Forms@TCustomForm@AlignControls$qqrp17Controls@TControlr11Types@TRect, @Forms@TCustomForm@WndProc$qqrr17Messages@TMessage, @Forms@TCustomForm@ValidateRename$qqrp18Classes@TComponentx17System@AnsiStringt2, @Forms@TCustomForm@SetParent$qqrp20Controls@TWinControl, @Forms@TCustomForm@WantChildKey$qqrp17Controls@TControlr17Messages@TMessage, @Forms@TCustomForm@SetParentBiDiMode$qqro, @Forms@TCustomForm@GetFloating$qqrv, @Forms@TCustomForm@GetClientRect$qqrv, @Forms@TCustomForm@DefineProperties$qqrp14Classes@TFiler, @Forms@TCustomForm@ReadState$qqrp15Classes@TReader, @Forms@TCustomForm@Notification$qqrp18Classes@TComponent18Classes@TOperation, @Forms@TCustomForm@Loaded$qqrv, @Forms@TCustomForm@DoDestroy$qqrv, @Forms@TCustomForm@DoCreate$qqrv, @Forms@TCustomForm@$bdtr$qqrv, @Forms@TCustomForm@BeforeDestruction$qqrv, @Forms@TCustomForm@$bctr$qqrp18Classes@TComponenti, @Forms@TCustomForm@AfterConstruction$qqrv, @Forms@TCustomForm@$bctr$qqrp18Classes@TComponent, @Forms@TScrollingWinControl@AdjustClientRect$qqrr11Types@TRect, @Forms@TScrollingWinControl@AutoScrollInView$qqrp17Controls@TControl, @Forms@TScrollingWinControl@AutoScrollEnabled$qqrv, @Forms@TScrollingWinControl@$bdtr$qqrv, @Forms@Application, @$xp$11Forms@TForm, @Forms@TForm@
> vcl60.bpl: @Imglist@initialization$qqrv, @Imglist@Finalization$qqrv
> vcl60.bpl: @Menus@initialization$qqrv, @Menus@Finalization$qqrv
> vcl60.bpl: @Controls@initialization$qqrv, @Controls@Finalization$qqrv, @Controls@TWinControl@CanAutoSize$qqrrit1, @Controls@TWinControl@AssignTo$qqrp19Classes@TPersistent, @Controls@TWinControl@ConstrainedResize$qqrrit1t1t1, @Controls@TWinControl@CanResize$qqrrit1, @Controls@TWinControl@GetClientOrigin$qqrv, @Controls@TWinControl@GetControlExtents$qqrv, @Controls@TWinControl@Repaint$qqrv, @Controls@TWinControl@Update$qqrv, @Controls@TWinControl@Invalidate$qqrv, @Controls@TWinControl@GetDeviceContext$qqrrui, @Controls@TWinControl@ShowControl$qqrp17Controls@TControl, @Controls@TWinControl@SetBounds$qqriiii, @Controls@TWinControl@CustomAlignPosition$qqrp17Controls@TControlrit2t2t2r11Types@TRectrx19Controls@TAlignInfo, @Controls@TWinControl@CustomAlignInsertBefore$qqrp17Controls@TControlt1, @Controls@TWinControl@CreateHandle$qqrv, @Controls@TWinControl@DestroyWnd$qqrv, @Controls@TWinControl@$bdtr$qqrv, @Controls@TControl@InitiateAction$qqrv, @Controls@TControl@GetFloatingDockSiteClass$qqrv, @Controls@TControl@SetBiDiMode$qqr17Classes@TBiDiMode, @Controls@TControl@SetEnabled$qqro, @Controls@TControl@SetName$qqrx17System@AnsiString, @Controls@TControl@SetAutoSize$qqro, @Controls@TControl@SetDragMode$qqr18Controls@TDragMode, @Controls@TControl@GetAction$qqrv, @Controls@TControl@GetEnabled$qqrv, @Controls@TControl@GetDragImages$qqrv, @Controls@TControl@$bdtr$qqrv
> rtl60.bpl: @System@initialization$qqrv, @System@Finalization$qqrv, @System@UnregisterModule$qqrp17System@TLibModule, @System@RegisterModule$qqrp17System@TLibModule, @System@FindHInstance$qqrpv, @System@@LStrToPChar$qqrx17System@AnsiString, @System@@LStrAddRef$qqrpv, @System@@LStrFromPChar$qqrr17System@AnsiStringpc, @System@@LStrAsg$qqrpvpxv, @System@@LStrClr$qqrpv, @System@@HandleFinally$qqrv, @System@TObject@Dispatch$qqrpv, @System@TObject@BeforeDestruction$qqrv, @System@TObject@DefaultHandler$qqrpv, @System@TObject@SafeCallException$qqrp14System@TObjectpv, @System@TObject@$bdtr$qqrv, @System@TObject@FreeInstance$qqrv, @System@TObject@NewInstance$qqrp17System@TMetaClass, @System@Move$qqrpxvpvi, @System@IsMemoryManagerSet$qqrv, @System@SetMemoryManager$qqrrx21System@TMemoryManager, @System@IsMultiThread, @System@IsConsole, @System@ExitProc, @System@CmdLine, @System@IsLibrary, @System@MainInstance
> rtl60.bpl: @Types@initialization$qqrv, @Types@Finalization$qqrv
> rtl60.bpl: @Sysconst@initialization$qqrv, @Sysconst@Finalization$qqrv
> rtl60.bpl: @Sysutils@initialization$qqrv, @Sysutils@Finalization$qqrv, @Sysutils@Exception@$bctr$qqrx17System@AnsiString, @Sysutils@Exception@
> rtl60.bpl: @Varutils@initialization$qqrv, @Varutils@Finalization$qqrv
> rtl60.bpl: @Variants@initialization$qqrv, @Variants@Finalization$qqrv
> rtl60.bpl: @Rtlconsts@initialization$qqrv, @Rtlconsts@Finalization$qqrv
> rtl60.bpl: @Typinfo@initialization$qqrv, @Typinfo@Finalization$qqrv, @Typinfo@DotSep, @Typinfo@BooleanIdents
> rtl60.bpl: @Activex@initialization$qqrv, @Activex@Finalization$qqrv
> rtl60.bpl: @Classes@initialization$qqrv, @Classes@Finalization$qqrv, @Classes@TComponent@UpdateRegistry$qqrp17System@TMetaClassox17System@AnsiStringt3, @Classes@TComponent@SafeCallException$qqrp14System@TObjectpv, @Classes@TComponent@WriteState$qqrp15Classes@TWriter, @Classes@TComponent@$bdtr$qqrv, @Classes@TThread@Resume$qqrv, @Classes@TThread@DoTerminate$qqrv, @Classes@TThread@AfterConstruction$qqrv, @Classes@TThread@$bdtr$qqrv, @Classes@TThread@$bctr$qqro, @Classes@TPersistent@Assign$qqrp19Classes@TPersistent, @Classes@TPersistent@$bdtr$qqrv, @$xp$15Classes@TThread, @Classes@TThread@
> rtl60.bpl: @Math@initialization$qqrv, @Math@Finalization$qqrv
> rtl60.bpl: @Contnrs@initialization$qqrv, @Contnrs@Finalization$qqrv
> rtl60.bpl: @Strutils@initialization$qqrv, @Strutils@Finalization$qqrv
> rtl60.bpl: @Helpintfs@initialization$qqrv, @Helpintfs@Finalization$qqrv
> rtl60.bpl: @Flatsb@initialization$qqrv, @Flatsb@Finalization$qqrv
> rtl60.bpl: @Multimon@initialization$qqrv, @Multimon@Finalization$qqrv
> dclusr60.bpl: @Jvhidcontrollerclass@Finalization$qqrv, @Jvhidcontrollerclass@HidCheck$qqrxi, @Jvhidcontrollerclass@TJvHidDevice@GetCaps$qqrv, @Jvhidcontrollerclass@TJvHidDevice@ReadFileEx$qqrpvuit1, @Jvhidcontrollerclass@TJvHidDevice@WriteFile$qqrpvuirui, @Jvhidcontrollerclass@TJvHidDeviceController@, @Jvhidcontrollerclass@TJvHidDeviceController@CheckIn$qqrrp33Jvhidcontrollerclass@TJvHidDevice, @Jvhidcontrollerclass@TJvHidDeviceController@CheckOutByID$qqrrp33Jvhidcontrollerclass@TJvHidDevicexixi, @Jvhidcontrollerclass@TJvHidDeviceController@Enumerate$qqrv, @Jvhidcontrollerclass@initialization$qqrv
> BORLNDMM.DLL: -
> IPHLPAPI.DLL: GetIfTable
> SHLWAPI.DLL: PathFileExistsA
> ADVAPI32.DLL: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
> KERNEL32.DLL: CloseHandle, CreateFileA, DebugBreak, DeviceIoControl, ExpandEnvironmentStringsA, FreeLibrary, GetCommandLineA, GetDriveTypeA, GetModuleHandleA, GetProcAddress, GetProcessHeap, HeapAlloc, HeapFree, LoadLibraryA, LoadLibraryExA, Sleep, SleepEx
> USER32.DLL: wsprintfA
> CC3260MT.DLL: @$bdele$qpv, @$bnwa$qui, @_CatchCleanup$qv, @_InitTermAndUnexPtrs$qv, @_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1, __ErrorExit, ___CRTL_MEM_GetBorMemPtrs, ___CRTL_MEM_UseBorMM, ___CRTL_TLS_Alloc, ___CRTL_TLS_ExitThread, ___CRTL_TLS_Free, ___CRTL_TLS_GetValue, ___CRTL_TLS_InitThread, ___CRTL_TLS_SetValue, ____ExceptionHandler, __argc, __argv, __argv_default_expand, __exitargv, __handle_exitargv, __handle_setargv, __handle_wexitargv, __handle_wsetargv, __matherr, __matherrl, __setargv, __startup, __wargv_default_expand, _free, _malloc, _memcpy, _sprintf, _strcat, _strcmp, _strcpy

( 468 exports ) 
@$xp$19Hid@HIDD_ATTRIBUTES, @$xp$19Hid@PHIDDAttributes, @$xp$20Hid@THIDVariantFlags, @$xp$22Hid@HIDD_CONFIGURATION, @$xp$22Hid@PHIDDConfiguration, @@Main@Finalize, @@Main@Initialize, @Dbt@Finalization$qqrv, @Dbt@initialization$qqrv, @Hid@Finalization$qqrv, @Hid@HidD_FlushQueue, @Hid@HidD_FreePreparsedData, @Hid@HidD_GetAttributes, @Hid@HidD_GetConfiguration, @Hid@HidD_GetFeature, @Hid@HidD_GetHidGuid, @Hid@HidD_GetIndexedString, @Hid@HidD_GetManufacturerString, @Hid@HidD_GetNumInputBuffers, @Hid@HidD_GetPhysicalDescriptor, @Hid@HidD_GetPreparsedData, @Hid@HidD_GetProductString, @Hid@HidD_GetSerialNumberString, @Hid@HidD_Hello, @Hid@HidD_SetConfiguration, @Hid@HidD_SetFeature, @Hid@HidD_SetNumInputBuffers, @Hid@HidP_GetButtonCaps_$qqruip20Hid@HIDP_BUTTON_CAPSruspv, @Hid@HidP_GetButtons, @Hid@HidP_GetButtonsEx, @Hid@HidP_GetCaps, @Hid@HidP_GetData, @Hid@HidP_GetLinkCollectionNodes, @Hid@HidP_GetScaledUsageValue, @Hid@HidP_GetSpecificButtonCaps, @Hid@HidP_GetSpecificValueCaps, @Hid@HidP_GetUsageValue, @Hid@HidP_GetUsageValueArray, @Hid@HidP_GetUsages, @Hid@HidP_GetUsagesEx, @Hid@HidP_GetValueCaps_$qqruip19Hid@HIDP_VALUE_CAPSruspv, @Hid@HidP_IsSameUsageAndPage_$qqr18Hid@USAGE_AND_PAGEt1, @Hid@HidP_MaxButtonListLength, @Hid@HidP_MaxDataListLength, @Hid@HidP_MaxUsageListLength, @Hid@HidP_SetButtons, @Hid@HidP_SetData, @Hid@HidP_SetScaledUsageValue, @Hid@HidP_SetUsageValue, @Hid@HidP_SetUsageValueArray, @Hid@HidP_SetUsages, @Hid@HidP_TranslateUsagesToI8042ScanCodes, @Hid@HidP_UnsetButtons, @Hid@HidP_UnsetUsages, @Hid@HidP_UsageListDifference, @Hid@IsHidLoaded$qqrv, @Hid@LoadHid$qqrv, @Hid@UnloadHid$qqrv, @Hid@initialization$qqrv, @Moduleloader@Finalization$qqrv, @Moduleloader@GetModuleSymbol$qqrui17System@AnsiString, @Moduleloader@GetModuleSymbolEx$qqrui17System@AnsiStringro, @Moduleloader@LoadModule$qqrrui17System@AnsiString, @Moduleloader@LoadModuleEx$qqrrui17System@AnsiStringui, @Moduleloader@ReadModuleData$qqrui17System@AnsiStringpvui, @Moduleloader@UnloadModule$qqrrui, @Moduleloader@WriteModuleData$qqrui17System@AnsiStringpvui, @Moduleloader@initialization$qqrv, @Setupapi@Finalization$qqrv, @Setupapi@IsSetupApiLoaded$qqrv, @Setupapi@LoadSetupApi$qqrv, @Setupapi@SetupAddInstallSectionToDiskSpaceList, @Setupapi@SetupAddInstallSectionToDiskSpaceListA, @Setupapi@SetupAddInstallSectionToDiskSpaceListW, @Setupapi@SetupAddSectionToDiskSpaceList, @Setupapi@SetupAddSectionToDiskSpaceListA, @Setupapi@SetupAddSectionToDiskSpaceListW, @Setupapi@SetupAddToDiskSpaceList, @Setupapi@SetupAddToDiskSpaceListA, @Setupapi@SetupAddToDiskSpaceListW, @Setupapi@SetupAddToSourceList, @Setupapi@SetupAddToSourceListA, @Setupapi@SetupAddToSourceListW, @Setupapi@SetupAdjustDiskSpaceList, @Setupapi@SetupAdjustDiskSpaceListA, @Setupapi@SetupAdjustDiskSpaceListW, @Setupapi@SetupCancelTemporarySourceList, @Setupapi@SetupCloseFileQueue, @Setupapi@SetupCloseInfFile, @Setupapi@SetupCloseLog, @Setupapi@SetupCommitFileQueue, @Setupapi@SetupCommitFileQueueA, @Setupapi@SetupCommitFileQueueW, @Setupapi@SetupCopyError, @Setupapi@SetupCopyErrorA, @Setupapi@SetupCopyErrorW, @Setupapi@SetupCopyOEMInf, @Setupapi@SetupCopyOEMInfA, @Setupapi@SetupCopyOEMInfW, @Setupapi@SetupCreateDiskSpaceList, @Setupapi@SetupCreateDiskSpaceListA, @Setupapi@SetupCreateDiskSpaceListW, @Setupapi@SetupDecompressOrCopyFile, @Setupapi@SetupDecompressOrCopyFileA, @Setupapi@SetupDecompressOrCopyFileW, @Setupapi@SetupDefaultQueueCallback, @Setupapi@SetupDefaultQueueCallbackA, @Setupapi@SetupDefaultQueueCallbackW, @Setupapi@SetupDeleteError, @Setupapi@SetupDeleteErrorA, @Setupapi@SetupDeleteErrorW, @Setupapi@SetupDestroyDiskSpaceList, @Setupapi@SetupDiAskForOEMDisk, @Setupapi@SetupDiBuildClassInfoList, @Setupapi@SetupDiBuildClassInfoListEx, @Setupapi@SetupDiBuildClassInfoListExA, @Setupapi@SetupDiBuildClassInfoListExW, @Setupapi@SetupDiBuildDriverInfoList, @Setupapi@SetupDiCallClassInstaller, @Setupapi@SetupDiCancelDriverInfoSearch, @Setupapi@SetupDiChangeState, @Setupapi@SetupDiClassGuidsFromName, @Setupapi@SetupDiClassGuidsFromNameA, @Setupapi@SetupDiClassGuidsFromNameEx, @Setupapi@SetupDiClassGuidsFromNameExA, @Setupapi@SetupDiClassGuidsFromNameExW, @Setupapi@SetupDiClassGuidsFromNameW, @Setupapi@SetupDiClassNameFromGuid, @Setupapi@SetupDiClassNameFromGuidA, @Setupapi@SetupDiClassNameFromGuidEx, @Setupapi@SetupDiClassNameFromGuidExA, @Setupapi@SetupDiClassNameFromGuidExW, @Setupapi@SetupDiClassNameFromGuidW, @Setupapi@SetupDiCreateDevRegKey, @Setupapi@SetupDiCreateDevRegKeyA, @Setupapi@SetupDiCreateDevRegKeyW, @Setupapi@SetupDiCreateDeviceInfo, @Setupapi@SetupDiCreateDeviceInfoA, @Setupapi@SetupDiCreateDeviceInfoList, @Setupapi@SetupDiCreateDeviceInfoListEx, @Setupapi@SetupDiCreateDeviceInfoListExA, @Setupapi@SetupDiCreateDeviceInfoListExW, @Setupapi@SetupDiCreateDeviceInfoW, @Setupapi@SetupDiCreateDeviceInterface, @Setupapi@SetupDiCreateDeviceInterfaceA, @Setupapi@SetupDiCreateDeviceInterfaceRegKey, @Setupapi@SetupDiCreateDeviceInterfaceRegKeyA, @Setupapi@SetupDiCreateDeviceInterfaceRegKeyW, @Setupapi@SetupDiCreateDeviceInterfaceW, @Setupapi@SetupDiCreateInterfaceDeviceA, @Setupapi@SetupDiCreateInterfaceDeviceRegKeyA, @Setupapi@SetupDiCreateInterfaceDeviceRegKeyW, @Setupapi@SetupDiCreateInterfaceDeviceW, @Setupapi@SetupDiDeleteDevRegKey, @Setupapi@SetupDiDeleteDeviceInfo, @Setupapi@SetupDiDeleteDeviceInterfaceData, @Setupapi@SetupDiDeleteDeviceInterfaceRegKey, @Setupapi@SetupDiDeleteInterfaceDeviceData, @Setupapi@SetupDiDeleteInterfaceDeviceRegKey, @Setupapi@SetupDiDestroyClassImageList, @Setupapi@SetupDiDestroyDeviceInfoList, @Setupapi@SetupDiDestroyDriverInfoList, @Setupapi@SetupDiDrawMiniIcon, @Setupapi@SetupDiEnumDeviceInfo, @Setupapi@SetupDiEnumDeviceInterfaces, @Setupapi@SetupDiEnumDriverInfo, @Setupapi@SetupDiEnumDriverInfoA, @Setupapi@SetupDiEnumDriverInfoW, @Setupapi@SetupDiEnumInterfaceDevice, @Setupapi@SetupDiGetActualSectionToInstall, @Setupapi@SetupDiGetActualSectionToInstallA, @Setupapi@SetupDiGetActualSectionToInstallW, @Setupapi@SetupDiGetClassBitmapIndex, @Setupapi@SetupDiGetClassDescription, @Setupapi@SetupDiGetClassDescriptionA, @Setupapi@SetupDiGetClassDescriptionEx, @Setupapi@SetupDiGetClassDescriptionExA, @Setupapi@SetupDiGetClassDescriptionExW, @Setupapi@SetupDiGetClassDescriptionW, @Setupapi@SetupDiGetClassDevPropertySheets, @Setupapi@SetupDiGetClassDevPropertySheetsA, @Setupapi@SetupDiGetClassDevPropertySheetsW, @Setupapi@SetupDiGetClassDevs, @Setupapi@SetupDiGetClassDevsA, @Setupapi@SetupDiGetClassDevsEx, @Setupapi@SetupDiGetClassDevsExA, @Setupapi@SetupDiGetClassDevsExW, @Setupapi@SetupDiGetClassDevsW, @Setupapi@SetupDiGetClassImageIndex, @Setupapi@SetupDiGetClassImageList, @Setupapi@SetupDiGetClassImageListEx, @Setupapi@SetupDiGetClassImageListExA, @Setupapi@SetupDiGetClassImageListExW, @Setupapi@SetupDiGetClassInstallParams, @Setupapi@SetupDiGetClassInstallParamsA, @Setupapi@SetupDiGetClassInstallParamsW, @Setupapi@SetupDiGetDeviceInfoListClass, @Setupapi@SetupDiGetDeviceInfoListDetail, @Setupapi@SetupDiGetDeviceInfoListDetailA, @Setupapi@SetupDiGetDeviceInfoListDetailW, @Setupapi@SetupDiGetDeviceInstallParams, @Setupapi@SetupDiGetDeviceInstallParamsA, @Setupapi@SetupDiGetDeviceInstallParamsW, @Setupapi@SetupDiGetDeviceInstanceId, @Setupapi@SetupDiGetDeviceInstanceIdA, @Setupapi@SetupDiGetDeviceInstanceIdW, @Setupapi@SetupDiGetDeviceInterfaceAlias, @Setupapi@SetupDiGetDeviceInterfaceDetail, @Setupapi@SetupDiGetDeviceInterfaceDetailA, @Setupapi@SetupDiGetDeviceInterfaceDetailW, @Setupapi@SetupDiGetDeviceRegistryProperty, @Setupapi@SetupDiGetDeviceRegistryPropertyA, @Setupapi@SetupDiGetDeviceRegistryPropertyW, @Setupapi@SetupDiGetDriverInfoDetail, @Setupapi@SetupDiGetDriverInfoDetailA, @Setupapi@SetupDiGetDriverInfoDetailW, @Setupapi@SetupDiGetDriverInstallParams, @Setupapi@SetupDiGetDriverInstallParamsA, @Setupapi@SetupDiGetDriverInstallParamsW, @Setupapi@SetupDiGetHwProfileFriendlyName, @Setupapi@SetupDiGetHwProfileFriendlyNameA, @Setupapi@SetupDiGetHwProfileFriendlyNameEx, @Setupapi@SetupDiGetHwProfileFriendlyNameExA, @Setupapi@SetupDiGetHwProfileFriendlyNameExW, @Setupapi@SetupDiGetHwProfileFriendlyNameW, @Setupapi@SetupDiGetHwProfileList, @Setupapi@SetupDiGetHwProfileListEx, @Setupapi@SetupDiGetHwProfileListExA, @Setupapi@SetupDiGetHwProfileListExW, @Setupapi@SetupDiGetINFClass, @Setupapi@SetupDiGetINFClassA, @Setupapi@SetupDiGetINFClassW, @Setupapi@SetupDiGetInterfaceDeviceAlias, @Setupapi@SetupDiGetInterfaceDeviceDetailA, @Setupapi@SetupDiGetInterfaceDeviceDetailW, @Setupapi@SetupDiGetSelectedDevice, @Setupapi@SetupDiGetSelectedDriver, @Setupapi@SetupDiGetSelectedDriverA, @Setupapi@SetupDiGetSelectedDriverW, @Setupapi@SetupDiGetWizardPage, @Setupapi@SetupDiInstallClass, @Setupapi@SetupDiInstallClassA, @Setupapi@SetupDiInstallClassEx, @Setupapi@SetupDiInstallClassExA, @Setupapi@SetupDiInstallClassExW, @Setupapi@SetupDiInstallClassW, @Setupapi@SetupDiInstallDevice, @Setupapi@SetupDiInstallDeviceInterfaces, @Setupapi@SetupDiInstallDriverFiles, @Setupapi@SetupDiInstallInterfaceDevices, @Setupapi@SetupDiLoadClassIcon, @Setupapi@SetupDiMoveDuplicateDevice, @Setupapi@SetupDiOpenClassRegKey, @Setupapi@SetupDiOpenClassRegKeyEx, @Setupapi@SetupDiOpenClassRegKeyExA, @Setupapi@SetupDiOpenClassRegKeyExW, @Setupapi@SetupDiOpenDevRegKey, @Setupapi@SetupDiOpenDeviceInfo, @Setupapi@SetupDiOpenDeviceInfoA, @Setupapi@SetupDiOpenDeviceInfoW, @Setupapi@SetupDiOpenDeviceInterface, @Setupapi@SetupDiOpenDeviceInterfaceA, @Setupapi@SetupDiOpenDeviceInterfaceRegKey, @Setupapi@SetupDiOpenDeviceInterfaceW, @Setupapi@SetupDiOpenInterfaceDeviceA, @Setupapi@SetupDiOpenInterfaceDeviceRegKey, @Setupapi@SetupDiOpenInterfaceDeviceW, @Setupapi@SetupDiRegisterCoDeviceInstallers, @Setupapi@SetupDiRegisterDeviceInfo, @Setupapi@SetupDiRemoveDevice, @Setupapi@SetupDiRemoveDeviceInterface, @Setupapi@SetupDiRemoveInterfaceDevice, @Setupapi@SetupDiSelectBestCompatDrv, @Setupapi@SetupDiSelectDevice, @Setupapi@SetupDiSelectOEMDrv, @Setupapi@SetupDiSetClassInstallParams, @Setupapi@SetupDiSetClassInstallParamsA, @Setupapi@SetupDiSetClassInstallParamsW, @Setupapi@SetupDiSetDeviceInstallParams, @Setupapi@SetupDiSetDeviceInstallParamsA, @Setupapi@SetupDiSetDeviceInstallParamsW, @Setupapi@SetupDiSetDeviceRegistryProperty, @Setupapi@SetupDiSetDeviceRegistryPropertyA, @Setupapi@SetupDiSetDeviceRegistryPropertyW, @Setupapi@SetupDiSetDriverInstallParams, @Setupapi@SetupDiSetDriverInstallParamsA, @Setupapi@SetupDiSetDriverInstallParamsW, @Setupapi@SetupDiSetSelectedDevice, @Setupapi@SetupDiSetSelectedDriver, @Setupapi@SetupDiSetSelectedDriverA, @Setupapi@SetupDiSetSelectedDriverW, @Setupapi@SetupDiUnremoveDevice, @Setupapi@SetupDuplicateDiskSpaceList, @Setupapi@SetupDuplicateDiskSpaceListA, @Setupapi@SetupDuplicateDiskSpaceListW, @Setupapi@SetupFindFirstLine, @Setupapi@SetupFindFirstLineA, @Setupapi@SetupFindFirstLineW, @Setupapi@SetupFindNextLine, @Setupapi@SetupFindNextMatchLine, @Setupapi@SetupFindNextMatchLineA, @Setupapi@SetupFindNextMatchLineW, @Setupapi@SetupFreeSourceList, @Setupapi@SetupFreeSourceListA, @Setupapi@SetupFreeSourceListW, @Setupapi@SetupGetBinaryField, @Setupapi@SetupGetFieldCount, @Setupapi@SetupGetFileCompressionInfo, @Setupapi@SetupGetFileCompressionInfoA, @Setupapi@SetupGetFileCompressionInfoW, @Setupapi@SetupGetInfFileList, @Setupapi@SetupGetInfFileListA, @Setupapi@SetupGetInfFileListW, @Setupapi@SetupGetInfInformation, @Setupapi@SetupGetInfInformationA, @Setupapi@SetupGetInfInformationW, @Setupapi@SetupGetIntField, @Setupapi@SetupGetLineByIndex, @Setupapi@SetupGetLineByIndexA, @Setupapi@SetupGetLineByIndexW, @Setupapi@SetupGetLineCount, @Setupapi@SetupGetLineCountA, @Setupapi@SetupGetLineCountW, @Setupapi@SetupGetLineText, @Setupapi@SetupGetLineTextA, @Setupapi@SetupGetLineTextW, @Setupapi@SetupGetMultiSzField, @Setupapi@SetupGetMultiSzFieldA, @Setupapi@SetupGetMultiSzFieldW, @Setupapi@SetupGetSourceFileLocation, @Setupapi@SetupGetSourceFileLocationA, @Setupapi@SetupGetSourceFileLocationW, @Setupapi@SetupGetSourceFileSize, @Setupapi@SetupGetSourceFileSizeA, @Setupapi@SetupGetSourceFileSizeW, @Setupapi@SetupGetSourceInfo, @Setupapi@SetupGetSourceInfoA, @Setupapi@SetupGetSourceInfoW, @Setupapi@SetupGetStringField, @Setupapi@SetupGetStringFieldA, @Setupapi@SetupGetStringFieldW, @Setupapi@SetupGetTargetPath, @Setupapi@SetupGetTargetPathA, @Setupapi@SetupGetTargetPathW, @Setupapi@SetupInitDefaultQueueCallback, @Setupapi@SetupInitDefaultQueueCallbackEx, @Setupapi@SetupInitializeFileLog, @Setupapi@SetupInitializeFileLogA, @Setupapi@SetupInitializeFileLogW, @Setupapi@SetupInstallFile, @Setupapi@SetupInstallFileA, @Setupapi@SetupInstallFileEx, @Setupapi@SetupInstallFileExA, @Setupapi@SetupInstallFileExW, @Setupapi@SetupInstallFileW, @Setupapi@SetupInstallFilesFromInfSection, @Setupapi@SetupInstallFilesFromInfSectionA, @Setupapi@SetupInstallFilesFromInfSectionW, @Setupapi@SetupInstallFromInfSection, @Setupapi@SetupInstallFromInfSectionA, @Setupapi@SetupInstallFromInfSectionW, @Setupapi@SetupInstallServicesFromInfSection, @Setupapi@SetupInstallServicesFromInfSectionA, @Setupapi@SetupInstallServicesFromInfSectionEx, @Setupapi@SetupInstallServicesFromInfSectionExA, @Setupapi@SetupInstallServicesFromInfSectionExW, @Setupapi@SetupInstallServicesFromInfSectionW, @Setupapi@SetupIterateCabinet, @Setupapi@SetupIterateCabinetA, @Setupapi@SetupIterateCabinetW, @Setupapi@SetupLogError, @Setupapi@SetupLogErrorA, @Setupapi@SetupLogErrorW, @Setupapi@SetupLogFile, @Setupapi@SetupLogFileA, @Setupapi@SetupLogFileW, @Setupapi@SetupOpenAppendInfFile, @Setupapi@SetupOpenAppendInfFileA, @Setupapi@SetupOpenAppendInfFileW, @Setupapi@SetupOpenFileQueue, @Setupapi@SetupOpenInfFile, @Setupapi@SetupOpenInfFileA, @Setupapi@SetupOpenInfFileW, @Setupapi@SetupOpenLog, @Setupapi@SetupOpenMasterInf, @Setupapi@SetupPromptForDisk, @Setupapi@SetupPromptForDiskA, @Setupapi@SetupPromptForDiskW, @Setupapi@SetupPromptReboot, @Setupapi@SetupQueryDrivesInDiskSpaceList, @Setupapi@SetupQueryDrivesInDiskSpaceListA, @Setupapi@SetupQueryDrivesInDiskSpaceListW, @Setupapi@SetupQueryFileLog, @Setupapi@SetupQueryFileLogA, @Setupapi@SetupQueryFileLogW, @Setupapi@SetupQueryInfFileInformation, @Setupapi@SetupQueryInfFileInformationA, @Setupapi@SetupQueryInfFileInformationW, @Setupapi@SetupQueryInfVersionInformation, @Setupapi@SetupQueryInfVersionInformationA, @Setupapi@SetupQueryInfVersionInformationW, @Setupapi@SetupQuerySourceList, @Setupapi@SetupQuerySourceListA, @Setupapi@SetupQuerySourceListW, @Setupapi@SetupQuerySpaceRequiredOnDrive, @Setupapi@SetupQuerySpaceRequiredOnDriveA, @Setupapi@SetupQuerySpaceRequiredOnDriveW, @Setupapi@SetupQueueCopy, @Setupapi@SetupQueueCopyA, @Setupapi@SetupQueueCopySection, @Setupapi@SetupQueueCopySectionA, @Setupapi@SetupQueueCopySectionW, @Setupapi@SetupQueueCopyW, @Setupapi@SetupQueueDefaultCopy, @Setupapi@SetupQueueDefaultCopyA, @Setupapi@SetupQueueDefaultCopyW, @Setupapi@SetupQueueDelete, @Setupapi@SetupQueueDeleteA, @Setupapi@SetupQueueDeleteSection, @Setupapi@SetupQueueDeleteSectionA, @Setupapi@SetupQueueDeleteSectionW, @Setupapi@SetupQueueDeleteW, @Setupapi@SetupQueueRename, @Setupapi@SetupQueueRenameA, @Setupapi@SetupQueueRenameSection, @Setupapi@SetupQueueRenameSectionA, @Setupapi@SetupQueueRenameSectionW, @Setupapi@SetupQueueRenameW, @Setupapi@SetupRemoveFileLogEntry, @Setupapi@SetupRemoveFileLogEntryA, @Setupapi@SetupRemoveFileLogEntryW, @Setupapi@SetupRemoveFromDiskSpaceList, @Setupapi@SetupRemoveFromDiskSpaceListA, @Setupapi@SetupRemoveFromDiskSpaceListW, @Setupapi@SetupRemoveFromSourceList, @Setupapi@SetupRemoveFromSourceListA, @Setupapi@SetupRemoveFromSourceListW, @Setupapi@SetupRemoveInstallSectionFromDiskSpaceList, @Setupapi@SetupRemoveInstallSectionFromDiskSpaceListA, @Setupapi@SetupRemoveInstallSectionFromDiskSpaceListW, @Setupapi@SetupRemoveSectionFromDiskSpaceList, @Setupapi@SetupRemoveSectionFromDiskSpaceListA, @Setupapi@SetupRemoveSectionFromDiskSpaceListW, @Setupapi@SetupRenameError, @Setupapi@SetupRenameErrorA, @Setupapi@SetupRenameErrorW, @Setupapi@SetupScanFileQueue, @Setupapi@SetupScanFileQueueA, @Setupapi@SetupScanFileQueueW, @Setupapi@SetupSetDirectoryId, @Setupapi@SetupSetDirectoryIdA, @Setupapi@SetupSetDirectoryIdEx, @Setupapi@SetupSetDirectoryIdExA, @Setupapi@SetupSetDirectoryIdExW, @Setupapi@SetupSetDirectoryIdW, @Setupapi@SetupSetPlatformPathOverride, @Setupapi@SetupSetPlatformPathOverrideA, @Setupapi@SetupSetPlatformPathOverrideW, @Setupapi@SetupSetSourceList, @Setupapi@SetupSetSourceListA, @Setupapi@SetupSetSourceListW, @Setupapi@SetupTermDefaultQueueCallback, @Setupapi@SetupTerminateFileLog, @Setupapi@UnloadSetupApi$qqrv, @Setupapi@initialization$qqrv, _MainForm, __GetExceptDLLinfo, ___CPPdebugHook

sKe69 · Answer

ok ... 


bien , voilà la suite .... et si le mode sans échec ne marche toujours pas à présent fais moi le savoir :


Télécharges SDFix sur ton bureau :
ici http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
ou ici http://sdfix.net/SDFix.exe
 
--> Double-cliques sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite ,

Impératif : Démarrer en mode sans echec .

 /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\ 

Comment aller en Mode sans échec :
1) Redémarres ton ordi .
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage . 
4) Choisis la première option : Sans Échec , et valides en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ). 
attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...
 
Ouvres le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double cliques sur RunThis.bat pour lancer le script. 
--->Tapes Y pour lancer le script ... 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier 
C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...

M.Templier · Answer

Apparemment le mode sans échec ne marche toujours pas :S

sKe69 · Answer

essayes de le réparrer avec cette autre utilitaire :

Télécharges ceci : 
https://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe 

double clique dessus ( cela répare la clé safeboot qui gère le mode sans echec ).

laisses travailler .... et un fois terminé , retentes le coup et dis moi ...

M.Templier · Answer

Rien à faire pour le mode sans échec...

sKe69 · Answer

par rapport à ce que tu m'as dis ici :
http://www.commentcamarche.net/forum/affich 9119937 virus trojan fond d ecran bizarre alertes#12


fais ceci :

1-Télécharges se petit soft , ZEB_RESTORE :  

ici http://telechargement.zebulon.fr/zeb-restore.html 
ou https://forum.zebulon.fr/index.php?act=attach&type=blogentry&id=1153

Enregistres ce fichier sur ton bureau. 

-Clic droit Zeb-Restore.zip ==> "Extraire tout" choisis comme lieu d'enregistrement le bureau. 
-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe 
---> Coches la case devant ( et uniquement celle-ci ! ) : 

* RegEdit : réactive l'accès à RegEdit 

-Cliques sur : " Restaurer " et laisses faire ....

--> Une fois finit, redémarres ton PC . 


2- refais ceci : 
Cliques droit sur ce lien :
http://www.malekal.com/download/SafeBoot.reg 
Et choisis " enregistrer la cible sous " afin de télécharger "SafeBoot.reg" sur ton Bureau . 
Doubles cliques sur ce .reg et acceptes la fusion avec le registre . 


--> dis moi si tu as eu encore un message d'erreur ... Et si ce n'est pas le cas , retentes la manipe de SDFix en mode sans échec ... Tiens moi au courant si cela ne fonctionne toujours pas , on changera de tactique ...

M.Templier · Answer

Registre controlé par administrateur...

sKe69 · Answer

mouais ...


changeons le fusil d'épaule :


Télécharges MalwareByte's : 
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php
 
Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour . 

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )

Potasses le tuto pour te familiariser avec le prg : 
https://forum.pcastuces.com/sujet.asp?f=31&s=3
https://www.androidworld.fr/ 
( cela dis, il est très simple d'utilisation ).

 
Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! )  et supprimes tout ce qu'il peut trouver, c'est à dire :
-->Laisses le scan se terminer,puis à la fin tu cliques sur "résultat" . 
-->Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

->Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date) accompagné d'un nouvel hijackthis et attends la suite  ...

M.Templier · Answer

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2

29/10/2008 00:14:22
mbam-log-2008-10-29 (00-14-22).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 170887
Temps écoulé: 59 minute(s), 50 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
C:\WINDOWS\vlc.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\wdmon.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
D:\Documents and Settings\TAVARES\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\flfxr15.flfixer15 (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f585cb1f-f17d-4007-a573-b663197ef500} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbthtmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbthtmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbttoolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbttoolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{175816a5-219e-4079-b2f9-53c501c409ba} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{19ebcbe0-9245-4397-bc5d-883d34782043} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c1793e0-1034-4cac-837d-aa545f6961bf} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e07646f-07c4-4847-a250-0ec8114f2963} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27c4569f-8728-4958-a920-a607cae8153c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a61a950-c325-4f44-ba64-273180ff3464} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{af15975b-1498-4740-8e6c-90af78e4198c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b53d4cd4-406d-43cc-8244-7893d72236dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b671426c-5c1a-48ac-9652-bc9402b1c404} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9bb3219-f84c-4060-966b-4a1e73e24226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f786cb18-3809-4e49-bc99-9a66da47db8b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f814be58-1bf9-4b50-829a-e889f86127ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0ab71193-ec19-4d70-85c2-e46e2ff02755} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{420c35c9-e4f2-49f9-bf67-2be1ecf86989} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{71efe583-62fe-4419-9918-ca3b683f7b36} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{793af621-5cd0-4b92-b765-6712f6aaf48e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9967a873-40f3-4c7e-9239-6c8760f19f61} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fwraper.ffenginwraper (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fwraper.ffenginwraper.1 (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fxcore.mmfixcore (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fxcore.mmfixcore.1 (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mmfxctrl.cofixengine (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mmfxctrl.cofixengine.1 (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Error Safe Free (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Safe Free (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1 (Rogue.Errorsafe) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\58487470685635823617849153964386 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\vlc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wdmon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Error Safe Free\FlFxr15.dll (Rogue.Errorsafe) -> Quarantined and deleted successfully.
D:\Documents and Settings\TAVARES\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Error Safe Free\emptyERSF.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297820.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1298200.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1298201.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1298204.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\svc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297368.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297362.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297363.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297364.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297365.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297366.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297367.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297369.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297370.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297371.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP544\A1297372.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4W7e83eV.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\U.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\TAVARES\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\TAVARES\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\TAVARES\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:01, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008\TrayServer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

M.Templier · Answer

Apparemment le virus ne fait plus effet.

Je te remercie vraiment pour tout !

sKe69 · Answer

Re,

ce n'est pas encore finit !!!!



1- supprimes tout ce qui ce trouve dans la quarantaine de malwarebytes ( via celle-ci )


2- refais un coup de CCleaner (registre compris ) .


3- Fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !): 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques sur l'icône "combofix.exe" pour lancer l'outil . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Notes importantes : 
-> n'utilises pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment  : cliques sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

Virus/Trojan : Fond d'écran bizarre, alertes.

28 réponses

Discussions similaires

Newsletters