myalbum20007 virus [Solved]

Here is the scan!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 17:01:41, on 04/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Y'z Shadow.lnk = C:\Program Files\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\Program Files\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://mamanbohneur.bbactif.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: system32 - {08C685E3-1076-4BF5-B0E9-3E894B53F1B2} - sysprinters.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0264391183550901) (0264391183550901mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\026439~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

Re


$$ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...


$$ Restart in Safe Mode. Be aware that you have no Internet access in this mode, so note down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.


$$ Double-click SDFix.exe and choose Install
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required.
Press a key to restart.

The PC will take a while to start; press a key when "Finished" is displayed.

Open the SDFix folder and copy/paste here the contents of the "Report.txt" file, along with a new HijackThis log.


SDFix: Version 1.89

Run by Gérôme on 04/07/2007 at 20:02

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\NPTUSF8H\CA7EHUYX.HTM - Deleted
C:\WINDOWS\myalbum2007.zip - Deleted
C:\WINDOWS\system32\sysprinters.dll - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
C:\WINDOWS\SoftwareDistribution\Download\f092643004fe50cceed65d55dd41fd7d\BIT3CE.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6de0759720c7d5f6249a35ca9247df09\BIT160.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

Thank you!!!

Logfile of HijackThis v1.99.1
Scan saved at 22:58:04, on 04/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Crystal Clear\YzToolbar\YzToolBar.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Y'z Shadow.lnk = C:\Program Files\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\Program Files\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://mamanbohneur.bbactif.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

I hope this is the right new one.

Thank you!!!!
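A way to check what changed between the two HijackThis logs above, and whether the files SDFix reports as deleted account for the change, as an added example that is not part of the original thread. The log lines are short excerpts copied from the posts above; the function names are this example's own.

```python
import ntpath
import re

# Excerpts copied from the 17:01 log, the 22:58 log and the SDFix report above.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: system32 - {08C685E3-1076-4BF5-B0E9-3E894B53F1B2} - sysprinters.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0264391183550901) (0264391183550901mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\026439~1.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

SDFIX_REPORT = r"""
Below files will be copied to Backups folder then removed:

C:\WINDOWS\myalbum2007.zip - Deleted
C:\WINDOWS\system32\sysprinters.dll - Deleted
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis prints when the referenced file does not exist on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
# SDFix lists each removed file as "<path> - Deleted".
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Deleted$")


def parse_entries(log_text):
    """Return the set of (code, body) entries; process paths and headers are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Return (entries gone after the fix, entries that are new after the fix)."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def orphaned(log_text):
    """Entries whose target file is absent: leftover registry references."""
    return sorted(e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1]))


def sdfix_deleted(report_text):
    """Paths the SDFix report marks as deleted, in report order."""
    paths = []
    for line in report_text.splitlines():
        match = DELETED_RE.match(line.strip())
        if match:
            paths.append(match.group("path"))
    return paths


def explained_by_sdfix(removed_entries, deleted_paths):
    """Map each removed entry to the deleted file it names, or None if unexplained."""
    by_name = {ntpath.basename(p).lower(): p for p in deleted_paths}
    links = {}
    for code, body in removed_entries:
        hit = next((p for name, p in by_name.items() if name in body.lower()), None)
        links[(code, body)] = hit
    return links


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    links = explained_by_sdfix(removed, sdfix_deleted(SDFIX_REPORT))
    for entry in removed:
        print("gone:", entry[0], "-", entry[1], "| SDFix file:", links[entry])
    for entry in added:
        print("new: ", entry[0], "-", entry[1])
    for entry in orphaned(LOG_AFTER):
        print("still orphaned:", entry[0], "-", entry[1])
```

Run against the full logs, the same functions show which entries disappeared between the two scans and which `(no file)` references are still present for a later HijackThis fix.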

Good.

Run a HijackThis scan again and check the lines below:

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/ [...] insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/ [...] cgdmgr.cab

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".


Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click "Démarrer Online Scanner" (Start Online Scanner).
Select My Computer as the scan target.
Paste its report here.

Hello!

I did it with Panda.
Here is what I got; I don't know whether it really worked?!


NanoScan, instant virus scan
Scan result

Summary:


Your PC doesn't have viruses

Details:

Dangerous Threat name (0) Type Status

Time:
48 seconds

:non:  I don't think I succeeded.

Oh dear, none of this is easy...

Thank you!!!!!!!!

Hi, I've just started over with Panda.
Here is the report!!

PC infected

* 31 examples of less dangerous malicious software.

* We have not detected any antivirus installed.

El texto que corresponda en cada momento
After a quick scan of your PC, we have not detected any ACTIVE or LATENT malicious software.

Become a TotalScan Pro member
Includes disinfection!
Scan details
High danger level (0)
Medium danger level (2)
Adware/IST.IST... Adware
Latent
Show + Info
C:\aolhwb.exe
C:\ebifgm.exe
C:\erblbt.exe
C:\mhfgzg.exe
C:\nlvdjw.exe
C:\pinqkk.exe
C:\tjzqcy.exe
C:\yqhper.exe
Adware/IST.IST... Adware
Latent
Show + Info
C:\aolhwb.exe[ghost.exe]
C:\ebifgm.exe[ghost.exe]
C:\erblbt.exe[ghost.exe]
C:\mhfgzg.exe[ghost.exe]
C:\nlvdjw.exe[ghost.exe]
C:\pinqkk.exe[ghost.exe]
C:\tjzqcy.exe[ghost.exe]
C:\yqhper.exe[ghost.exe]
Low danger level (29)
Cookie/Casalem... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
dialer.ags Dialer
Latent
Show + Info
c:\program files\montorgueil
hkey_current_user\software\montorgueil
Cookie/Bluestr... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...ies.txt[.bluestreak.com/]
Cookie/Doublec... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...es.txt[.doubleclick.net/]
Cookie/WUpd Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...ookies.txt[.revenue.net/]
Cookie/Comclic... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...t[fl01.ct2.comclick.com/]
C:\Documents and Settings...t[fl01.ct2.comclick.com/]
C:\Documents and Settings...t[fl01.ct2.comclick.com/]
Cookie/Atlas D... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...\cookies.txt[.atdmt.com/]
Cookie/RealMed... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...s.txt[.247realmedia.com/]
C:\Documents and Settings...s.txt[.247realmedia.com/]
C:\Documents and Settings...s.txt[.247realmedia.com/]
Cookie/Com.com Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...lt\cookies.txt[.com.com/]
Cookie/FastCli... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...kies.txt[.fastclick.net/]
C:\Documents and Settings...kies.txt[.fastclick.net/]
Cookie/Adverti... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...es.txt[.advertising.com/]
C:\Documents and Settings...es.txt[.advertising.com/]
C:\Documents and Settings...es.txt[.advertising.com/]
C:\Documents and Settings...es.txt[.advertising.com/]
Cookie/2o7 Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...lt\cookies.txt[.2o7.net/]
C:\Documents and Settings...lt\cookies.txt[.2o7.net/]
Cookie/Tradedo... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...s.txt[.tradedoubler.com/]
C:\Documents and Settings...s.txt[.tradedoubler.com/]
C:\Documents and Settings...s.txt[.tradedoubler.com/]
C:\Documents and Settings...s.txt[.tradedoubler.com/]
Cookie/Questio... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
Cookie/Overtur... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...okies.txt[.overture.com/]
C:\Documents and Settings...okies.txt[.overture.com/]
Cookie/Weboram... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...ookies.txt[.weborama.fr/]
C:\Documents and Settings...ookies.txt[.weborama.fr/]
C:\Documents and Settings...ookies.txt[.weborama.fr/]
adware/statbla... Adware
Latent
Show + Info
hkey_classes_root\clsid\{...9-4ddc-b661-c1afb9f5ae53}
HKEY_LOCAL_MACHINE\softwa...9-4ddc-b661-c1afb9f5ae53}
Adware/Yazzle Adware
Latent
Show + Info
C:\gfxfjm.exe
C:\glowpt.exe
C:\lwoipt.exe
C:\owlenj.exe
C:\qrwwgs.exe
C:\tfmrtr.exe
C:\yokhrd.exe
Cookie/Serving... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
Cookie/YieldMa... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
Cookie/Searchp... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...hportal.information.com/]
Cookie/Adtech Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...\cookies.txt[.adtech.de/]
C:\Documents and Settings...\cookies.txt[.adtech.de/]
Cookie/Statcou... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...es.txt[.statcounter.com/]
C:\Documents and Settings...es.txt[.statcounter.com/]
Cookie/Serving... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...txt[.bs.serving-sys.com/]
Cookie/Mediapl... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...kies.txt[.mediaplex.com/]
Cookie/Webtren... Tracking Cookie
Latent
Show + Info
C:\Documents and Settings...tatse.webtrendslive.com/]
Cookie/Apmebf Tracking Cookie
Latent
C:\Documents and Settings...cookies.txt[.apmebf.com/]
Cookie/Xiti Tracking Cookie
Latent
C:\Documents and Settings...t\cookies.txt[.xiti.com/]
adware/sbsoft Adware
Latent
HKEY_CLASSES_ROOT\Interfa...4-465b-8368-5ed9b732e22d}
HKEY_CLASSES_ROOT\Interfa...C-435F-BF31-2C4497373C41}


Re


This report is strange.


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.


C:\aolhwb.exe
C:\ebifgm.exe
C:\erblbt.exe
C:\mhfgzg.exe
C:\nlvdjw.exe
C:\pinqkk.exe
C:\tjzqcy.exe
C:\yqhper.exe
c:\program files\montorgueil
C:\gfxfjm.exe
C:\glowpt.exe
C:\lwoipt.exe
C:\owlenj.exe
C:\qrwwgs.exe
C:\tfmrtr.exe
C:\yokhrd.exe


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Post the report located in C:\_OTMoveIt\MovedFiles.

Hi orely3113

Yes, it sends it to several of your contacts from your address, without you doing anything. Don't reply, because I think the idiot behind this can read what you write. But I'm not sure. I don't know much about this either. I don't know what to tell you.
Maybe you should do what everyone else does, that is, post your problem in a new topic. From there, a helper will be able to help you remove this virus.
Good luck!!! :hello: 

Hi naounature

Thanks for your reply. The first time I received it, I opened it and replied, and it sent it back to me right after!!!

Well yeah, I'm going to post it in a new topic!!! Hoping I manage to!!!
But by the way, did you manage to remove it?

Thanks, that's kind!!

C:\_OTMoveIt\MovedFiles

Well, I thought that was it, but apparently not!!

I did everything, but I can't find the report.
Where am I supposed to look?!!

Oh dear, I'm being a pain. Please be a little patient with me.
THANK YOU for your understanding!!!!!!

Here I am again, still empty-handed.
However much I look, I can't find a report!!
Here is how I go about it; maybe that's not the right way to do it.

I go to My Computer
Local Disk (C:) 
OT MoveIt
MovedFiles
program files
montorgueil
Femme_collant

and then nothing more. It's as if there were a picture.
A sort of yellow oval in a black square. PS: I didn't need to restart the PC???!!!!!!!!!

:hello:  I'll continue.

C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine
C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine
C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine
C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine
C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine
C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine
C:\OT MOVEIT\MOVEDFILES cheval de troie mis en quarantaine

C:\SDFIX\BACKUPS\BACKUP cheval de troie mis en quarantaine

C:\system volume information cheval de troie supprimé
C:\system volume information cheval de troie supprimé

C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé
C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé
C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé
C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé
C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé
C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé
C:\SYSTEM VOLUME INFORMATION cheval de troie supprimé

Cookie-207 programme potentiellement indé... supprimé
Cookie-Atdmt programme potentiellement indé... supprimé
Cookie-Doubleclick programme potentiellement indé... supprimé
Prc Viewer programme potentiellement indé...Détecté

There, end of the scan.
Thank you!!!

Here is the ComboFix report.

"Gérôme" - 2007-07-06 14:15:20 - ComboFix 07-07-04.4

/wow section - STAGE #3

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\GRME~1\Bureau.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-06 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 12:57 <REP> d-------- C:\WINDOWS\system32\Panda Software
2007-07-04 23:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-04 20:01 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-04 17:00 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-07-04 14:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-03 00:56 <REP> d-------- C:\install
2007-07-03 00:21 1,085,518 --a------ C:\pjvoin.exe
2007-06-21 10:37 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-11 10:54 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2007-06-11 10:54 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-06-11 10:54 442,880 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-06-11 10:54 226,816 --a------ C:\WINDOWS\system32\es.dll
2007-06-11 10:54 214,528 --a------ C:\WINDOWS\system32\rpcss.dll
2007-06-11 10:54 1,105,408 --a------ C:\WINDOWS\system32\ole32.dll
2007-06-11 10:53 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-11 10:53 554,496 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-11 10:53 48,640 --a------ C:\WINDOWS\system32\browser.dll
2007-06-11 10:53 456,192 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-11 10:53 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2007-06-08 16:18 <REP> d-------- C:\DOCUME~1\GRME~1\APPLIC~1\vlc
2007-06-08 16:14 <REP> d-------- C:\Program Files\Web Media Player
2007-06-08 14:54 203,776 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-06-08 14:52 907,264 --a------ C:\WINDOWS\system32\winntbbu.dll
2007-06-08 14:52 768,512 --a------ C:\WINDOWS\system32\upnpui.dll
2007-06-08 14:52 597,504 --a------ C:\WINDOWS\system32\taskmgr.exe
2007-06-08 14:52 584,704 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-06-08 14:52 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-06-08 14:52 418,304 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-06-08 14:52 414,720 --a------ C:\WINDOWS\system32\winsrv.dll
2007-06-08 14:52 407,040 --a------ C:\WINDOWS\system32\stobject.dll
2007-06-08 14:52 405,504 --a------ C:\WINDOWS\system32\sysocmgr.exe
2007-06-08 14:52 4,279,296 --a------ C:\WINDOWS\system32\logonui.exe
2007-06-08 14:52 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2007-06-08 14:52 2,769,920 --a------ C:\WINDOWS\system32\syssetup.dll
2007-06-08 14:52 168,960 --a------ C:\WINDOWS\system32\winhlp32.exe
2007-06-08 14:52 1,899,520 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2007-06-08 14:52 1,377,792 --a------ C:\WINDOWS\system32\shimgvw.dll
2007-06-08 14:52 1,240,576 --a------ C:\WINDOWS\system32\wiashext.dll
2007-06-08 14:51 978,944 --a------ C:\WINDOWS\system32\msgina.dll
2007-06-08 14:51 78,848 --a------ C:\WINDOWS\system32\ahui.exe
2007-06-08 14:51 711,680 --a------ C:\WINDOWS\system32\rasdlg.dll
2007-06-08 14:51 710,656 --a------ C:\WINDOWS\system32\ntshrui.dll
2007-06-08 14:51 70,144 --a------ C:\WINDOWS\system32\gcdef.dll
2007-06-08 14:51 591,872 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-08 14:51 526,336 --a------ C:\WINDOWS\system32\cmd.exe
2007-06-08 14:51 523,776 --a------ C:\WINDOWS\system32\keymgr.dll
2007-06-08 14:51 520,192 --a------ C:\WINDOWS\system32\cleanmgr.exe
2007-06-08 14:51 47,104 --a------ C:\WINDOWS\system32\narrator.exe
2007-06-08 14:51 433,664 --a------ C:\WINDOWS\system32\netid.dll
2007-06-08 14:51 4,707,328 --a------ C:\WINDOWS\system32\logon.scr
2007-06-08 14:51 352,256 --a------ C:\WINDOWS\system32\mydocs.dll
2007-06-08 14:51 347,136 --a------ C:\WINDOWS\system32\moricons.dll
2007-06-08 14:51 334,848 --a------ C:\WINDOWS\system32\credui.dll
2007-06-08 14:51 324,096 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-06-08 14:51 31,232 --a------ C:\WINDOWS\system32\deskmon.dll
2007-06-08 14:51 3,399,680 --a------ C:\WINDOWS\system32\netshell.dll
2007-06-08 14:51 3,167,232 --a------ C:\WINDOWS\explorer.exe
2007-06-08 14:51 28,672 --a------ C:\WINDOWS\system32\batmeter.dll
2007-06-08 14:51 253,440 --a------ C:\WINDOWS\system32\calc.exe
2007-06-08 14:51 242,176 --a------ C:\WINDOWS\system32\mstask.dll
2007-06-08 14:51 216,576 --a------ C:\WINDOWS\notepad.exe
2007-06-08 14:51 205,312 --a------ C:\WINDOWS\system32\console.dll
2007-06-08 14:51 2,236,416 --a------ C:\WINDOWS\system32\inetcplc.dll
2007-06-08 14:51 145,920 --a------ C:\WINDOWS\system32\hotplug.dll
2007-06-08 14:51 12,288 --a------ C:\WINDOWS\system32\batt.dll
2007-06-08 14:51 105,984 --a------ C:\WINDOWS\system32\acctres.dll
2007-06-08 14:51 1,554,944 --a------ C:\WINDOWS\system32\printui.dll
2007-06-08 14:51 1,505,792 --a------ C:\WINDOWS\system32\shdoclc.dll
2007-06-08 14:51 1,476,608 --a------ C:\WINDOWS\system32\newdev.dll
2007-06-08 14:50 3,534 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-08 14:49 <REP> d-------- C:\WINDOWS\BricoPacks
2007-06-08 14:23 <REP> d-------- C:\WINDOWS\Prefetch
2007-06-08 14:09 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2007-06-08 14:09 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2007-06-08 14:09 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2007-06-08 14:09 60,416 --a------ C:\WINDOWS\system32\iismap.dll
2007-06-08 14:09 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2007-06-08 14:09 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2007-06-08 14:09 59,392 --a------ C:\WINDOWS\system32\iisext.dll
2007-06-08 14:09 56,832 --a------ C:\WINDOWS\system32\convlog.exe
2007-06-08 14:09 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2007-06-08 14:09 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2007-06-08 14:09 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2007-06-08 14:09 34,816 --a------ C:\WINDOWS\system32\admwprox.dll
2007-06-08 14:09 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2007-06-08 14:09 249,344 --a------ C:\WINDOWS\system32\adsiis.dll
2007-06-08 14:09 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2007-06-08 14:09 14,848 --a------ C:\WINDOWS\system32\iisreset.exe
2007-06-08 14:09 13,312 --a------ C:\WINDOWS\system32\exstrace.dll
2007-06-08 14:09 120,832 --a------ C:\WINDOWS\system32\iisRtl.dll
2007-06-08 14:09 11,776 --a------ C:\WINDOWS\system32\infoadmn.dll
2007-06-08 14:09 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2007-06-08 14:09 1,710,936 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-08 14:04 111,872 --a------ C:\WINDOWS\system32\drivers\cwcspud.sys
2007-06-08 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-08 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-08 13:46 <REP> d-------- C:\WINDOWS\setup.pss
2007-06-07 23:46 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-06-07 23:46 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-06 07:13:33 -------- d-----w C:\Program Files\McAfee
2007-07-05 19:03:18 3,758 ----a-w C:\WINDOWS\mozver.dat
2007-07-05 18:14:49 -------- d-----w C:\Program Files\Lx_cats
2007-07-04 22:28:44 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-04 12:14:30 -------- d-----w C:\Program Files\Yahoo!
2007-07-03 13:18:26 -------- d-----w C:\DOCUME~1\GRME~1\APPLIC~1\MSN6
2007-07-03 10:09:39 -------- d-----w C:\Program Files\adslTV
2007-06-18 11:29:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-09 20:13:23 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-08 12:57:45 -------- d-----w C:\Program Files\Movie Maker
2007-06-08 12:54:10 -------- d-----w C:\Program Files\Crystal Clear
2007-06-08 12:54:09 53,466 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-06-08 12:27:51 483,302 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-08 12:27:50 74,020 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-08 12:10:02 26,380 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-08 12:09:31 -------- d-----w C:\Program Files\Messenger
2007-06-05 15:36:22 -------- d-----w C:\Program Files\ToniArts
2007-06-05 15:36:22 -------- d-----w C:\Program Files\Speed Thief
2007-06-05 15:36:22 -------- d-----w C:\Program Files\Power IE
2007-06-05 15:28:48 -------- d-----w C:\Program Files\Google
2007-06-03 09:47:14 -------- d-----w C:\DOCUME~1\GRME~1\APPLIC~1\SiteAdvisor
2007-06-01 14:49:35 -------- d-----w C:\Program Files\Micro Application
2007-05-27 13:22:41 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-05-18 14:43:28 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-13 21:22:32 -------- d-----w C:\Program Files\Isotope244 Graphics
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-09 21:42:19 176,368 ----a-w C:\WINDOWS\GalleryPlayer Images Uninstaller.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 17:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
2006-03-26 23:44 265432 --a------ C:\Program Files\Windows Desktop Search\dsWebAllow.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
2006-12-22 16:02 67136 --a------ c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 21:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-05 21:10]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 16:21]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-01-19 12:05]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 13:01]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

Contents of the 'Scheduled Tasks' folder
2007-06-14 23:01:36 C:\WINDOWS\tasks\McDefragTask.job
2007-06-30 23:00:04 C:\WINDOWS\tasks\McQcTask.job
2007-04-10 23:32:08 C:\WINDOWS\tasks\SesamTVMC.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 14:16:49
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0088351183706060mcinstcleanup]
"ImagePath"="C:\WINDOWS\TEMP\008835~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

Completion time: 2007-07-06 14:17:57
C:\ComboFix-quarantined-files.txt ... 2007-07-06 14:17

--- E O F ---


Here is the new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 14:22:42, on 06/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Crystal Clear\YzShadow\YzShadow.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Y'z Shadow.lnk = C:\Program Files\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\Program Files\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O15 - Trusted Zone: http://mamanbohneur.bbactif.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0088351183706060) (0088351183706060mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008835~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe



THANK YOU!!!

Re

Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\pjvoin.exe

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Download DiagHelp.zip (by Malekal_Morte) to your desktop
http://www.malekal.com/download/DiagHelp.zip
- Right-click the file and choose Extract All
- A new folder, DiagHelp, will be created
- Open it and double-click go.cmd (the .cmd may not be shown)
- A window will open; choose option 1
- The scan will start; this can take a few minutes. Let it run and press a key when you are asked to

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan. Follow the on-screen instructions carefully!

- At the end of the scan, you may be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy and paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Then the Edit menu again / Copy
-- In a new message here, right-click / Paste

:hello:  I haven't had any more replies from you.
Maybe you don't work on weekends?!

I'd like to know whether it's finished, and whether I still have the virus or not?!
And whether there are other steps to take.

Thank you for your reply and your help!!!

Quick scan: Searching for malicious software
Scanning
Searching 1,159,184 viruses, spyware, Trojans and other threats. It also uses heuristic technologies to detect unknown viruses.

100%


Item in progress:
Items scanned:
3509

Items with viruses, spyware, Trojans... detected:
62

Suspicious files detected:
0

Results
PC infected
27 examples of less dangerous malicious software.
We have not detected any antivirus installed.
After a quick scan of your PC, we have not detected any ACTIVE or LATENT malicious software.

Scan details
High danger level (0)

Medium danger level (0)

Low danger level (27)
Cookie/Casalem... Tracking Cookie Latent
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
C:\Documents and Settings...es.txt[.casalemedia.com/]
dialer.ags Dialer Latent
hkey_current_user\software\montorgueil
Cookie/Doublec... Tracking Cookie Latent
C:\Documents and Settings...es.txt[.doubleclick.net/]
Cookie/Bluestr... Tracking Cookie Latent
C:\Documents and Settings...ies.txt[.bluestreak.com/]
Cookie/WUpd Tracking Cookie Latent
C:\Documents and Settings...ookies.txt[.revenue.net/]
Cookie/Comclic... Tracking Cookie Latent
C:\Documents and Settings...t[fl01.ct2.comclick.com/]
C:\Documents and Settings...t[fl01.ct2.comclick.com/]
C:\Documents and Settings...t[fl01.ct2.comclick.com/]
Cookie/Atlas D... Tracking Cookie Latent
C:\Documents and Settings...\cookies.txt[.atdmt.com/]
Cookie/RealMed... Tracking Cookie Latent
C:\Documents and Settings...s.txt[.247realmedia.com/]
C:\Documents and Settings...s.txt[.247realmedia.com/]
C:\Documents and Settings...s.txt[.247realmedia.com/]
Cookie/Com.com Tracking Cookie Latent
C:\Documents and Settings...lt\cookies.txt[.com.com/]
Cookie/FastCli... Tracking Cookie Latent
C:\Documents and Settings...kies.txt[.fastclick.net/]
C:\Documents and Settings...kies.txt[.fastclick.net/]
Cookie/Adverti... Tracking Cookie Latent
C:\Documents and Settings...es.txt[.advertising.com/]
C:\Documents and Settings...es.txt[.advertising.com/]
C:\Documents and Settings...es.txt[.advertising.com/]
C:\Documents and Settings...es.txt[.advertising.com/]
Cookie/2o7 Tracking Cookie Latent
C:\Documents and Settings...lt\cookies.txt[.2o7.net/]
C:\Documents and Settings...lt\cookies.txt[.2o7.net/]
Cookie/Tradedo... Tracking Cookie Latent
C:\Documents and Settings...s.txt[.tradedoubler.com/]
C:\Documents and Settings...s.txt[.tradedoubler.com/]
C:\Documents and Settings...s.txt[.tradedoubler.com/]
C:\Documents and Settings...s.txt[.tradedoubler.com/]
Cookie/Questio... Tracking Cookie Latent
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
C:\Documents and Settings...txt[.questionmarket.com/]
Cookie/Weboram... Tracking Cookie Latent
C:\Documents and Settings...ookies.txt[.weborama.fr/]
C:\Documents and Settings...ookies.txt[.weborama.fr/]
C:\Documents and Settings...ookies.txt[.weborama.fr/]
Cookie/Overtur... Tracking Cookie Latent
C:\Documents and Settings...okies.txt[.overture.com/]
C:\Documents and Settings...okies.txt[.overture.com/]
Cookie/Serving... Tracking Cookie Latent
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
C:\Documents and Settings...es.txt[.serving-sys.com/]
Cookie/YieldMa... Tracking Cookie Latent
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
C:\Documents and Settings...txt[ad.yieldmanager.com/]
Cookie/Searchp... Tracking Cookie Latent
C:\Documents and Settings...hportal.information.com/]
Cookie/Adtech Tracking Cookie Latent
C:\Documents and Settings...\cookies.txt[.adtech.de/]
C:\Documents and Settings...\cookies.txt[.adtech.de/]
Cookie/Statcou... Tracking Cookie Latent
C:\Documents and Settings...es.txt[.statcounter.com/]
C:\Documents and Settings...es.txt[.statcounter.com/]
Cookie/Serving... Tracking Cookie Latent
C:\Documents and Settings...txt[.bs.serving-sys.com/]
Cookie/Mediapl... Tracking Cookie Latent
C:\Documents and Settings...kies.txt[.mediaplex.com/]
Cookie/Webtren... Tracking Cookie Latent
C:\Documents and Settings...tatse.webtrendslive.com/]
Cookie/Apmebf Tracking Cookie Latent
C:\Documents and Settings...cookies.txt[.apmebf.com/]
Cookie/Xiti Tracking Cookie Latent
C:\Documents and Settings...t\cookies.txt[.xiti.com/]
adware/sbsoft Adware Latent Show + Info
HKEY_CLASSES_ROOT\Interfa...4-465b-8368-5ed9b732e22d}
HKEY_CLASSES_ROOT\Interfa...C-435F-BF31-2C4497373C41}


Suspicious files (3)


Let's finish the cleanup.

Run OTmoveIT.
  • Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
    NOTE: Normally, your firewall should ask you whether OTmoveIT may access the internet. Allow it.
  • A list appears in the left-hand part of OTmoveIT.
  • A message appears to confirm the cleanup. Confirm.


    Edit your first message and add "Résolu" (Solved) next to the title.

    Here is the right-hand column:

    File/Folder C:\avenger.zip not found.
    File/Folder C:\Avenger not found.
    File/Folder C:\avenger.txt not found.
    File/Folder C:\bfu.zip not found.
    File/Folder C:\BFU not found.
    File/Folder C:\combofix.exe not found.
    File/Folder C:\QooBox not found.
    C:\ComboFix*.txt moved successfully.
    C:\ComboFix*.txt moved successfully.
    File move failed. C:\Documents and Settings\Gérôme\Desktop\ComboFix*.txt scheduled to be moved on reboot.
    C:\WINDOWS\ComboFix*.txt moved successfully.
    C:\WINDOWS\system32\ComboFix*.txt moved successfully.
    C:\WINDOWS\system32\drivers\ComboFix*.txt moved successfully.
    File/Folder C:\catchme.exe not found.
    File/Folder C:\nircmd.exe not found.
    File/Folder C:\swreg.exe not found.
    File/Folder C:\Swxcacls.exe not found.
    File/Folder C:\Swsc.exe not found.
    File/Folder C:\dss.exe not found.
    File/Folder C:\Deckard not found.
    File/Folder C:\FindAWF.exe not found.
    File/Folder C:\AWF.txt not found.
    File/Folder C:\fixwareout.exe not found.
    File/Folder C:\fixwareout not found.
    File/Folder C:\fsbl.exe not found.
    C:\fsbl*.log moved successfully.
    C:\fsbl*.log moved successfully.
    File move failed. C:\Documents and Settings\Gérôme\Desktop\fsbl*.log scheduled to be moved on reboot.
    C:\WINDOWS\fsbl*.log moved successfully.
    C:\WINDOWS\system32\fsbl*.log moved successfully.
    C:\WINDOWS\system32\drivers\fsbl*.log moved successfully.
    File/Folder C:\gmer.exe not found.
    File/Folder C:\gmer.dll not found.
    File/Folder C:\gmer.ini not found.
    File/Folder C:\gmer.log not found.
    File/Folder C:\gmer_uninstall.cmd not found.
    File/Folder C:\gmer.sys not found.
    Unable to delete service gmer.
    File/Folder C:\haxfix.exe not found.
    File/Folder C:\haxfix.txt not found.
    File/Folder C:\killbox.exe not found.
    File/Folder C:\!Killbox not found.
    File/Folder C:\OTMoveIt.exe not found.
    File/Folder C:\_OTMoveIt not found.
    File/Folder C:\rustbfix.exe not found.
    File/Folder C:\Rustbfix not found.
    File/Folder C:\sdfix.exe not found.
    File/Folder C:\SDFix not found.
    File/Folder C:\SmitfraudFix.exe not found.
    File/Folder C:\SmitfraudFix not found.
    File/Folder C:\rapport.txt not found.
    File/Folder C:\SysInsite not found.
    File/Folder C:\VundoFix.exe not found.
    File/Folder C:\VundoFix Backups not found.
    File/Folder C:\vundofix.txt not found.
    File/Folder C:\win32delfkil.exe not found.
    File/Folder C:\_backupD not found.
    File/Folder C:\windelf.txt not found.
    File/Folder C:\winpfind.exe not found.
    File/Folder C:\WinPfind not found.
    File/Folder C:\winpfind3u.exe not found.
    File/Folder C:\WinPFind3u not found.
    C:\cleanup.txt moved successfully.
    File move failed. C:\Documents and Settings\Gérôme\Bureau\OTMoveIt.exe scheduled to be moved on reboot.


    However, I don't quite understand your last sentence...
    Where do I put "Résolu"?


    Really sorry!!

    Thank you!!!!!!!!!

    Sorry, but I have nothing about icons
    and the time.
    When I accept the cleanup, my right-hand column fills up
    and that's all.
    So there is text on the left and on the right and that's all...
    no time and no title.

    Really sorry!!