Hi, I have a virus, but when I run my Avast antivirus
I can't manage to delete them. What should I do?
please ANSWER me
good evening
do you have the location of the virus?
what is the path of the detection?
/!\ Fed up with ads: secured Firefox /!\
no, how can I find out?
and I think I have Trojan horses too
hello
let's take a look
Download and install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:44, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\lphant\eLePhantClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201522502.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\MDB1B~1.MAS\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F815EBDCD66A47
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [gpmtatsh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gpmtatsh.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 13042 bytes
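Added example (my own code, not from any post in this thread and not part of HijackThis or SDFix): a small triage script that reads HijackThis v2 log lines and flags the indicators a helper scans for first in a log like the one above, namely a modified UserInit value (F2), autoruns that borrow a core Windows process name but launch from the wrong folder or from a user-writable location (O4), services whose binary is missing or lives in an NTFS alternate data stream (O23), and nameless BHOs that still load a DLL (O2). The sample lines are copied from the log posted above; the heuristics and the assumption that system32 is `C:\WINDOWS\system32` are mine.

```python
"""Triage heuristics for HijackThis v2 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Core Windows processes; a legitimate copy lives in %SystemRoot%\system32 (assumed C:\WINDOWS here)
CORE_PROCESS_NAMES = {"svchost.exe", "smss.exe", "csrss.exe", "services.exe",
                      "lsass.exe", "winlogon.exe", "alg.exe"}
SYSTEM32 = r"c:\windows\system32"

# Lines copied from the HijackThis log posted in this thread (sample input for the script)
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\MDB1B~1.MAS\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F815EBDCD66A47
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the line deserves a closer look
    line: str     # the original log line


def _exe_path(text: str) -> Optional[str]:
    """Return the first drive-letter path ending in .exe, lower-cased, or None."""
    m = re.search(r"([a-z]:\\.*?\.exe)", text, re.IGNORECASE)
    return m.group(1).lower() if m else None


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0]


def check_line(line: str) -> Optional[Finding]:
    """Apply the heuristic that matches this line's section; None means nothing to report."""
    line = line.strip()
    if " - " not in line:
        return None
    section, body = line.split(" - ", 1)

    if section == "F2" and "UserInit=" in body:
        # Winlogon should start only userinit.exe; every extra entry is run at each logon
        entries = [e.strip() for e in body.split("UserInit=", 1)[1].split(",") if e.strip()]
        extra = [e for e in entries if _basename(e).lower() != "userinit.exe"]
        if extra:
            return Finding(section, "UserInit runs extra program(s): " + ", ".join(extra), line)

    elif section == "O2":
        # An orphaned CLSID with "(no file)" is just clutter; a nameless BHO with a DLL is not
        if "(no name)" in body and not body.endswith("(no file)"):
            return Finding(section, "nameless BHO still loads a DLL", line)

    elif section == "O4":
        path = _exe_path(body)
        if path is None:
            return None
        name, folder = _basename(path), _dirname(path)
        if name in CORE_PROCESS_NAMES and folder != SYSTEM32:
            return Finding(section, f"core process name {name} launched from {folder}", line)
        if any(s in path for s in ("\\temp\\", "\\application data\\", "\\documents and settings\\")):
            return Finding(section, "autorun from a user-writable location", line)
        if folder == r"c:\windows":
            return Finding(section, "autorun placed directly in the Windows directory", line)

    elif section == "O23":
        path = body.rsplit(" - ", 1)[-1]
        if path.count(":") > 1:  # a second colon after the drive letter means file.exe:stream
            return Finding(section, "service binary is an NTFS alternate data stream", line)
        if "(file missing)" in path:
            return Finding(section, "service binary is missing", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run check_line over every line of a HijackThis log and keep the hits."""
    return [f for f in (check_line(l) for l in log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports seven lines: the UserInit hijack, the `juzqdkzo.dll` BHO, the three O4 entries (`services.exe` in a Temp folder, `mrofinu1148.exe` in the Windows root, `svchost.exe` under `drivers`), and the two orphaned services. Everything else in the sample (iTunes, avast!, the `dumprep` entry) passes, which is the point of the heuristics: they narrow the log down to the lines worth verifying rather than deciding on their own.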
ok
This procedure should be printed so that you have it in front of you when you are in safe mode.
Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link doesn't work, try this one: http://download.bleepingcomputer.c [...] /SDFix.exe ***
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
- Restart your computer
- After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
- Instead of the normal Windows loading, a menu with several options should appear.
- Choose the first option, to run Windows in safe mode, then press "Enter".
- Choose your account.
Go through the list of instructions below:
- Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
- Press Y to start the cleaning process.
- It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
- Press a key to reboot the PC.
- Your system will take longer than usual to restart because the tool keeps running and deleting files.
- After the Desktop loads, the tool will finish its work and display Finished.
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
- Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
SDFix report:
SDFix: Version 1.136
Run by miss-pink on 03/02/2008 at 20:40
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
astq
FFI
fvelwow
jecsst
ldrsvc
msupdate
nested
smtpdrv
ztx86
Path:
\??\C:\WINDOWS\system32\drivers\astq.tga
C:\WINDOWS\system32\svchost.exe:exm.exe
\??\C:\WINDOWS\system32\fvelwow.sys
\??\C:\WINDOWS\system32\jecsst.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
c:\windows\system32\msvcrtd.exe
\??\C:\WINDOWS\system32\nested.sys
System32\DRIVERS\smtpdrv.sys
\??\C:\WINDOWS\system32\ztx86.sys
astq - Deleted
FFI - Deleted
fvelwow - Deleted
jecsst - Deleted
ldrsvc - Deleted
msupdate - Deleted
nested - Deleted
smtpdrv - Deleted
ztx86 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service NdisWon - Deleted after Reboot
Service Wcvw55 - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\drivers\Wcvw55.sys - Deleted
C:\839718~1 - Deleted
C:\WINDOWS\luvcrmkb\1.png - Deleted
C:\WINDOWS\luvcrmkb\2.png - Deleted
C:\WINDOWS\luvcrmkb\3.png - Deleted
C:\WINDOWS\luvcrmkb\4.png - Deleted
C:\WINDOWS\luvcrmkb\5.png - Deleted
C:\WINDOWS\luvcrmkb\6.png - Deleted
C:\WINDOWS\luvcrmkb\7.png - Deleted
C:\WINDOWS\luvcrmkb\8.png - Deleted
C:\WINDOWS\luvcrmkb\9.png - Deleted
C:\WINDOWS\luvcrmkb\bottom-rc.gif - Deleted
C:\WINDOWS\luvcrmkb\config.png - Deleted
C:\WINDOWS\luvcrmkb\content.png - Deleted
C:\WINDOWS\luvcrmkb\download.gif - Deleted
C:\WINDOWS\luvcrmkb\frame-bg.gif - Deleted
C:\WINDOWS\luvcrmkb\frame-bottom-left.gif - Deleted
C:\WINDOWS\luvcrmkb\frame-h1bg.gif - Deleted
C:\WINDOWS\luvcrmkb\head.png - Deleted
C:\WINDOWS\luvcrmkb\icon.png - Deleted
C:\WINDOWS\luvcrmkb\indexwp.html - Deleted
C:\WINDOWS\luvcrmkb\main.css - Deleted
C:\WINDOWS\luvcrmkb\memory-prots.png - Deleted
C:\WINDOWS\luvcrmkb\net.png - Deleted
C:\WINDOWS\luvcrmkb\pc.gif - Deleted
C:\WINDOWS\luvcrmkb\pc-mag.gif - Deleted
C:\WINDOWS\luvcrmkb\poloska1.png - Deleted
C:\WINDOWS\luvcrmkb\poloska2.png - Deleted
C:\WINDOWS\luvcrmkb\poloska3.png - Deleted
C:\WINDOWS\luvcrmkb\promowp1.html - Deleted
C:\WINDOWS\luvcrmkb\promowp2.html - Deleted
C:\WINDOWS\luvcrmkb\promowp3.html - Deleted
C:\WINDOWS\luvcrmkb\promowp4.html - Deleted
C:\WINDOWS\luvcrmkb\promowp5.html - Deleted
C:\WINDOWS\luvcrmkb\reg.png - Deleted
C:\WINDOWS\luvcrmkb\repair.png - Deleted
C:\WINDOWS\luvcrmkb\scr-1.png - Deleted
C:\WINDOWS\luvcrmkb\scr-2.png - Deleted
C:\WINDOWS\luvcrmkb\start.png - Deleted
C:\WINDOWS\luvcrmkb\styles.css - Deleted
C:\WINDOWS\luvcrmkb\top-rc.gif - Deleted
C:\WINDOWS\luvcrmkb\vline.gif - Deleted
C:\WINDOWS\luvcrmkb\wp.png - Deleted
C:\WINDOWS\mjrjpqud\1.png - Deleted
C:\WINDOWS\mjrjpqud\2.png - Deleted
C:\WINDOWS\mjrjpqud\3.png - Deleted
C:\WINDOWS\mjrjpqud\4.png - Deleted
C:\WINDOWS\mjrjpqud\5.png - Deleted
C:\WINDOWS\mjrjpqud\6.png - Deleted
C:\WINDOWS\mjrjpqud\7.png - Deleted
C:\WINDOWS\mjrjpqud\8.png - Deleted
C:\WINDOWS\mjrjpqud\9.png - Deleted
C:\WINDOWS\mjrjpqud\bottom-rc.gif - Deleted
C:\WINDOWS\mjrjpqud\config.png - Deleted
C:\WINDOWS\mjrjpqud\content.png - Deleted
C:\WINDOWS\mjrjpqud\download.gif - Deleted
C:\WINDOWS\mjrjpqud\frame-bg.gif - Deleted
C:\WINDOWS\mjrjpqud\frame-bottom-left.gif - Deleted
C:\WINDOWS\mjrjpqud\frame-h1bg.gif - Deleted
C:\WINDOWS\mjrjpqud\head.png - Deleted
C:\WINDOWS\mjrjpqud\icon.png - Deleted
C:\WINDOWS\mjrjpqud\indexwp.html - Deleted
C:\WINDOWS\mjrjpqud\main.css - Deleted
C:\WINDOWS\mjrjpqud\memory-prots.png - Deleted
C:\WINDOWS\mjrjpqud\net.png - Deleted
C:\WINDOWS\mjrjpqud\pc.gif - Deleted
C:\WINDOWS\mjrjpqud\pc-mag.gif - Deleted
C:\WINDOWS\mjrjpqud\poloska1.png - Deleted
C:\WINDOWS\mjrjpqud\poloska2.png - Deleted
C:\WINDOWS\mjrjpqud\poloska3.png - Deleted
C:\WINDOWS\mjrjpqud\promowp1.html - Deleted
C:\WINDOWS\mjrjpqud\promowp2.html - Deleted
C:\WINDOWS\mjrjpqud\promowp3.html - Deleted
C:\WINDOWS\mjrjpqud\promowp4.html - Deleted
C:\WINDOWS\mjrjpqud\promowp5.html - Deleted
C:\WINDOWS\mjrjpqud\reg.png - Deleted
C:\WINDOWS\mjrjpqud\repair.png - Deleted
C:\WINDOWS\mjrjpqud\scr-1.png - Deleted
C:\WINDOWS\mjrjpqud\scr-2.png - Deleted
C:\WINDOWS\mjrjpqud\start.png - Deleted
C:\WINDOWS\mjrjpqud\styles.css - Deleted
C:\WINDOWS\mjrjpqud\top-rc.gif - Deleted
C:\WINDOWS\mjrjpqud\vline.gif - Deleted
C:\WINDOWS\mjrjpqud\wp.png - Deleted
C:\WINDOWS\PerfInfo\PKYFoNqpC0wp.exe - Deleted
C:\Program Files\Helper\1201096631.dll - Deleted
C:\Program Files\Helper\1201116000.dll - Deleted
C:\Program Files\Helper\1201120829.dll - Deleted
C:\Program Files\Helper\1201272350.dll - Deleted
C:\Program Files\Helper\1201292044.dll - Deleted
C:\Program Files\Helper\1201378749.dll - Deleted
C:\Program Files\Helper\1201379172.dll - Deleted
C:\Program Files\Helper\1201522502.dll - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\d.exe - Deleted
C:\WINDOWS\17PHolmes1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\system32\0_exception.nls - Deleted
C:\WINDOWS\hotporn.exe - Deleted
C:\WINDOWS\ie_32.exe - Deleted
C:\WINDOWS\system32\drivers\svchost.exe - Deleted
C:\WINDOWS\system32\drivers\astq.tga - Deleted
C:\WINDOWS\system32\drivers\fak32.sys - Deleted
C:\WINDOWS\system32\drivers\khtml.sys - Deleted
C:\WINDOWS\system32\drivers\retx2.sys - Deleted
C:\WINDOWS\system32\drivers\symavc32.sys - Deleted
C:\WINDOWS\system32\fvelwow.sys - Deleted
C:\WINDOWS\system32\jecsst.sys - Deleted
C:\WINDOWS\system32\nested.sys - Deleted
C:\WINDOWS\system32\ztx86.sys - Deleted
Folder C:\Program Files\Helper - Removed
Folder C:\WINDOWS\PerfInfo - Removed
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 20:47:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1244
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"="C:\\Program Files\\Acer TV-FM\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\Acer TV-FM\\PCMService.exe"="C:\\Program Files\\Acer TV-FM\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\13exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\13exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\35exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\35exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\55exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\55exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\26exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\26exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\59exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\59exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\23exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\23exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\34exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\34exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\49exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\49exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\98exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\98exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\83exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\83exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\28exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\28exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype. The whole world can talk for free."
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Ares MP3\\AresMP3.exe"="C:\\Program Files\\Ares MP3\\AresMP3.exe:*:Disabled:AresMP3"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE:*:Disabled:Microsoft Office Word"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\MDB1B~1.MAS\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MDB1B~1.MAS\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\M.Massoundi\\xtfrlp.exe"="C:\\Documents and Settings\\M.Massoundi\\xtfrlp.exe:*:Enabled:Windows Service"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
"C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
C:\WINDOWS\hotporn.exe Found
C:\WINDOWS\ie_32.exe Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 29 Aug 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Sat 25 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 25 Nov 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4878a187565d10d360502f64c0bf9b8\BIT64.tmp"
Finished!
______
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:43, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [gpmtatsh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gpmtatsh.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 12254 bytes
Message edited by hollye tyler on 03-02-2008 at 21:00:09
re
you're really badly infected...
1
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
3
Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report.
4
Add a new HijackThis report.
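The helper's step 2 picks the F2 line and the orphaned O2 entries out of the posted log by eye. As an added example (not from the thread, and not HijackThis, ComboFix or the helper's own tooling), the Python below applies the same reading mechanically to a handful of lines copied from that log: core Windows binaries (svchost.exe, smss.exe, csrss.exe, alg.exe) running from anywhere but system32, a UserInit value carrying more than userinit.exe, BHOs with no file behind them, eight-letter random names under %SystemRoot%, and a Run key whose command is `regsvr32 /u`. The `SYSTEM32` path, the `CORE_BINARIES` set and the eight-letter name pattern are assumptions of the example (Windows XP layout and the naming seen in this one log), and `SAMPLE_LOG` is a constructed excerpt.

```python
r"""Mechanical triage of HijackThis-style log lines.

Added example for the thread above; it is not HijackThis, ComboFix or the
helper's own tooling.  Layout assumptions (Windows XP): core binaries live only
in C:\WINDOWS\system32, and the droppers use 8-letter random names.
"""
import re

# Core Windows XP binaries whose only legitimate home is %SystemRoot%\system32.
# A copy running from \drivers\ or \system\ is a masquerade, not a driver.
CORE_BINARIES = {"svchost.exe", "smss.exe", "csrss.exe", "alg.exe",
                 "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"

# Eight lowercase letters + exe/dll, the pattern of the files in the posted log
# (rxjddnvj.exe, juzqdkzo.dll, sdebozqn.exe).  Assumed heuristic, not proof.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:exe|dll)$")


def split_path(path):
    """Return (directory, filename), lower-cased, for a Windows path."""
    path = path.strip().strip('"').lower()
    directory, _, filename = path.rpartition("\\")
    return directory, filename


def check_binary(path):
    """Why a binary path looks like a masquerade, or None if it looks clean."""
    directory, filename = split_path(path)
    if filename in CORE_BINARIES and directory != SYSTEM32:
        return f"core binary {filename} running from {directory or '?'} instead of {SYSTEM32}"
    if RANDOM_NAME.match(filename) and directory.startswith(r"c:\windows"):
        return f"random-looking name {filename} under %SystemRoot%"
    return None


def check_line(line):
    """Apply the per-section check to one HijackThis line; return a reason or None."""
    line = line.strip()
    if line.startswith("F2 - REG:system.ini: UserInit="):
        # Winlogon launches every comma-separated entry at logon, so anything
        # besides userinit.exe is a persistence hook.
        value = line.split("UserInit=", 1)[1]
        entries = [e.strip() for e in value.split(",") if e.strip()]
        extra = [e for e in entries if split_path(e)[1] != "userinit.exe"]
        return f"UserInit hijack: extra entries {extra}" if extra else None
    if line.startswith("O2 - BHO:"):
        target = line.rsplit(" - ", 1)[1]
        if target == "(no file)":
            return "orphaned BHO CLSID (no file)"
        return check_binary(target)
    if line.startswith("O4 - "):
        command = line.split("] ", 1)[1] if "] " in line else ""
        if command.lower().startswith("regsvr32 /u"):
            # regsvr32 loads the DLL and calls DllUnregisterServer, so "/u" in a
            # Run key still executes the DLL's code at every logon.
            return "regsvr32 /u used as a Run-key loader"
        exe = command.split('"')[1] if command.startswith('"') else command.split(" ")[0]
        return check_binary(exe)
    if line.lower().startswith("c:\\"):
        # Plain path: a line from the "Running processes" section.
        return check_binary(line)
    return None


def triage(lines):
    """Return [(line, reason)] for every line that trips a check."""
    hits = []
    for line in lines:
        reason = check_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Constructed excerpt: lines copied from the log posted above, plus clean ones.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [gpmtatsh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gpmtatsh.dll"
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
""".strip().splitlines()

if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {flagged_line}")
```

On the excerpt, ten of the fourteen lines are flagged and the four legitimate ones (system32\svchost.exe, the avast! tray process and its Run key, the QuickTime Run key) pass. The checks are deliberately path-based rather than name-based: the fake smss.exe, csrss.exe and alg.exe in the log carry real system names, and only their directory gives them away.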
combofix report:
ComboFix 08-02.03.1 - miss-pink 2008-02-04 17:51:27.1 - NTFSx86
Location: C:\Documents and Settings\miss-pink\Local Settings\Temporary Internet Files\Content.IE5\TFAWRYTI\ComboFix[1].exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\gpmtatsh.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\#SharedObjects\CRFGW36V\iforex.com
C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\#SharedObjects\CRFGW36V\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\Conditions générales.url
C:\Program Files\messengerskinner\Confidentialité.url
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\messengerskinner\Website.url
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\winperformance
C:\Program Files\winperformance\registry_backup\2008.01.22 22.36.53.rb
C:\Program Files\winperformance\registry_backup\2008.01.23 14.58.50.rb
C:\Program Files\winperformance\registry_backup\2008.01.24 09.35.30.rb
C:\Program Files\winperformance\uninstall.exe
C:\WINDOWS\1151.exe
C:\WINDOWS\12783.exe
C:\WINDOWS\15442.exe
C:\WINDOWS\16364.exe
C:\WINDOWS\16379.exe
C:\WINDOWS\16732.exe
C:\WINDOWS\17578.exe
C:\WINDOWS\17790.exe
C:\WINDOWS\18540.exe
C:\WINDOWS\19822.exe
C:\WINDOWS\20517.exe
C:\WINDOWS\23121.exe
C:\WINDOWS\23888.exe
C:\WINDOWS\25363.exe
C:\WINDOWS\27299.exe
C:\WINDOWS\27303.exe
C:\WINDOWS\2879.exe
C:\WINDOWS\3023.exe
C:\WINDOWS\31553.exe
C:\WINDOWS\3259.exe
C:\WINDOWS\33358.exe
C:\WINDOWS\33755.exe
C:\WINDOWS\33951.exe
C:\WINDOWS\34447.exe
C:\WINDOWS\35480.exe
C:\WINDOWS\36598.exe
C:\WINDOWS\3696.exe
C:\WINDOWS\38228.exe
C:\WINDOWS\38329.exe
C:\WINDOWS\3877.exe
C:\WINDOWS\3987.exe
C:\WINDOWS\40562.exe
C:\WINDOWS\4119.exe
C:\WINDOWS\41565.exe
C:\WINDOWS\41841.exe
C:\WINDOWS\42509.exe
C:\WINDOWS\42731.exe
C:\WINDOWS\43795.exe
C:\WINDOWS\44562.exe
C:\WINDOWS\45324.exe
C:\WINDOWS\45971.exe
C:\WINDOWS\46454.exe
C:\WINDOWS\48421.exe
C:\WINDOWS\48703.exe
C:\WINDOWS\50180.exe
C:\WINDOWS\50186.exe
C:\WINDOWS\52194.exe
C:\WINDOWS\52351.exe
C:\WINDOWS\5273.exe
C:\WINDOWS\53531.exe
C:\WINDOWS\54822.exe
C:\WINDOWS\55769.exe
C:\WINDOWS\56302.exe
C:\WINDOWS\5934.exe
C:\WINDOWS\59669.exe
C:\WINDOWS\63075.exe
C:\WINDOWS\63256.exe
C:\WINDOWS\63767.exe
C:\WINDOWS\63815.exe
C:\WINDOWS\65142.exe
C:\WINDOWS\65560.exe
C:\WINDOWS\65982.exe
C:\WINDOWS\66027.exe
C:\WINDOWS\66208.exe
C:\WINDOWS\67145.exe
C:\WINDOWS\67439.exe
C:\WINDOWS\69667.exe
C:\WINDOWS\69796.exe
C:\WINDOWS\70140.exe
C:\WINDOWS\70200.exe
C:\WINDOWS\70425.exe
C:\WINDOWS\71061.exe
C:\WINDOWS\71087.exe
C:\WINDOWS\71166.exe
C:\WINDOWS\7163.exe
C:\WINDOWS\72355.exe
C:\WINDOWS\73165.exe
C:\WINDOWS\75012.exe
C:\WINDOWS\75416.exe
C:\WINDOWS\75658.exe
C:\WINDOWS\76191.exe
C:\WINDOWS\764.exe
C:\WINDOWS\77054.exe
C:\WINDOWS\77748.exe
C:\WINDOWS\78201.exe
C:\WINDOWS\78536.exe
C:\WINDOWS\78846.exe
C:\WINDOWS\79505.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\80061.exe
C:\WINDOWS\80139.exe
C:\WINDOWS\81908.exe
C:\WINDOWS\82199.exe
C:\WINDOWS\82476.exe
C:\WINDOWS\83463.exe
C:\WINDOWS\84026.exe
C:\WINDOWS\84777.exe
C:\WINDOWS\87241.exe
C:\WINDOWS\87248.exe
C:\WINDOWS\88662.exe
C:\WINDOWS\89065.exe
C:\WINDOWS\89882.exe
C:\WINDOWS\9698.exe
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\juzqdkzo.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\drivers\Xkb20.sys
C:\WINDOWS\system32\drivers\Ywj39.sys
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pplwjfw.dat
C:\WINDOWS\system32\pplwjfw.exe
C:\WINDOWS\system32\pplwjfw_nav.dat
C:\WINDOWS\system32\pplwjfw_navps.dat
C:\WINDOWS\system32\RTELM.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xubgvmlu.dll
C:\WINDOWS\xxxvideo.exe
----- BITS: Possibly infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Files created 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.
2008-02-04 17:27 . 2008-02-04 17:27 213,227 --a------ C:\WINDOWS\system32\wininet_s3.dll
2008-02-03 20:38 . 2008-02-03 20:38 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-03 20:33 . 2008-02-03 20:52 <REP> d-------- C:\SDFix
2008-02-03 15:29 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-03 15:29 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-03 15:29 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-03 12:49 . 2008-02-03 12:49 <REP> d-------- C:\Documents and Settings\miss-pink\Application Data\Ulead Systems
2008-02-03 12:46 . 1999-10-15 12:50 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2008-02-03 12:45 . 2008-02-03 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
2008-02-03 12:45 . 2006-07-22 19:37 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2008-02-02 12:27 . 2008-02-02 12:28 30 --a------ C:\WINDOWS\Iedit_.INI
2008-01-30 19:40 . 2005-07-13 11:46 1,570,489 --a------ C:\WINDOWS\system32\sisgl.dll
2008-01-30 19:40 . 2005-07-13 11:15 904,192 --a------ C:\WINDOWS\system32\sisgrv.dll
2008-01-30 19:40 . 2005-07-13 11:07 257,024 --a------ C:\WINDOWS\system32\drivers\sisgrp.sys
2008-01-30 19:40 . 2003-11-27 00:10 65,536 --a------ C:\WINDOWS\system32\sis760.bin
2008-01-30 19:40 . 2003-11-27 00:10 65,536 --a------ C:\WINDOWS\system32\sis741.bin
2008-01-30 19:40 . 2005-07-13 11:05 49,152 --a------ C:\WINDOWS\system32\sis660.bin
2008-01-30 19:40 . 2005-07-13 10:55 28,672 --a------ C:\WINDOWS\system32\SiSPInst.dll
2008-01-30 19:40 . 2005-07-13 11:48 11,904 --a------ C:\WINDOWS\system32\drivers\srvkp.sys
2008-01-30 15:56 . 2008-01-30 15:56 29,180 --a------ C:\WINDOWS\system32\wmedia32.exe
2008-01-28 13:14 . 2001-08-17 21:52 18,688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2008-01-28 13:14 . 2001-08-17 21:52 18,688 --a------ C:\WINDOWS\system32\dllcache\cdaudio.sys
2008-01-28 13:09 . 2008-01-28 13:09 18,432 --a------ C:\cvbkwtb.exe
2008-01-27 13:52 . 2008-01-27 13:52 <REP> d-------- C:\Program Files\Windows Defender
2008-01-26 21:26 . 2008-01-26 21:26 33,280 --a------ C:\kkynn.exe
2008-01-26 21:26 . 2008-01-26 21:26 50 --a------ C:\kkynn.bat
2008-01-26 14:59 . 2008-02-03 20:44 <REP> d-------- C:\WINDOWS\luvcrmkb
2008-01-26 14:58 . 2008-01-26 14:58 201,216 --a------ C:\WINDOWS\jmrknipw.dll
2008-01-26 14:56 . 2008-01-26 14:56 89,617 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-01-26 14:56 . 2008-01-26 14:56 89,617 --a------ C:\WINDOWS\sdebozqn.exe
2008-01-26 14:56 . 2008-01-26 14:56 40,960 --a------ C:\WINDOWS\fubslaxw.exe
2008-01-26 07:52 . 2005-11-02 23:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-26 07:52 . 2005-11-02 23:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-26 07:52 . 2006-09-12 05:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-26 07:52 . 2006-09-12 05:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-26 07:52 . 2006-09-12 05:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-26 07:52 . 2006-09-12 05:29 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-26 07:52 . 2006-09-12 05:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-26 07:52 . 2005-11-03 00:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-25 15:41 . 2008-01-26 21:25 58,368 --a------ C:\blhhjtpx.exe
2008-01-24 18:16 . 2008-01-26 11:54 3,390 --a------ C:\WINDOWS\system32\testscript.tmp
2008-01-23 14:59 . 2008-01-23 14:59 29 --a------ C:\WINDOWS\system32\ssurwwdp.tmp
2008-01-23 14:49 . 2008-01-23 16:42 258,121 --a------ C:\WINDOWS\system32\sysdamp.exe
2008-01-23 14:49 . 2008-01-23 14:49 69,493 --------- C:\WINDOWS\system32\drivers\smss.exe
2008-01-23 14:49 . 2008-01-23 14:49 69,493 --------- C:\WINDOWS\system32\drivers\csrss.exe
2008-01-23 14:48 . 2008-01-23 14:48 69,493 --------- C:\WINDOWS\system32\drivers\alg.exe
2008-01-23 12:07 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-23 12:06 . 2008-01-23 12:06 <REP> d-------- C:\Program Files\Alwil Software
2008-01-23 12:06 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-23 12:06 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-23 12:06 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-23 12:06 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-22 21:59 . 2008-01-28 13:09 58,368 --a------ C:\upaq.exe
2008-01-22 10:45 . 2008-01-23 12:50 <REP> d-------- C:\Program Files\DioCleanerPro
2008-01-22 00:58 . 2008-01-22 00:58 3,776,774 --a------ C:\WINDOWS\PKYFoNqpC0.exe
2008-01-21 23:12 . 2008-02-03 20:45 <REP> d-------- C:\WINDOWS\mjrjpqud
2008-01-21 23:12 . 2008-01-21 23:12 183,808 --a------ C:\WINDOWS\raxenuby.dll
2008-01-21 23:11 . 2008-01-21 23:11 35,840 --a------ C:\WINDOWS\ghqbqnel.exe
2008-01-21 23:05 . 2008-01-21 23:05 10,752 --a------ C:\bhij.exe
2008-01-13 14:25 . 2008-01-13 14:35 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-01-13 14:25 . 2008-01-13 14:35 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-01-05 16:53 . 2008-01-27 10:29 <REP> d-------- C:\Program Files\Fichiers communs\SmartCom
2008-01-05 16:51 . 2008-01-27 10:33 <REP> d-------- C:\Program Files\SmartCom
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 11:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-03 09:40 90,112 ----a-w C:\WINDOWS\DUMP46ec.tmp
2008-02-02 11:03 --------- d-----w C:\Program Files\Ulead Systems
2008-02-01 14:49 90,112 ----a-w C:\WINDOWS\DUMP3d09.tmp
2008-02-01 14:48 90,112 ----a-w C:\WINDOWS\DUMP39fb.tmp
2008-01-30 21:32 90,112 ----a-w C:\WINDOWS\DUMP3b72.tmp
2008-01-30 18:46 90,112 ----a-w C:\WINDOWS\DUMP3645.tmp
2008-01-30 16:42 90,112 ----a-w C:\WINDOWS\DUMP37ab.tmp
2008-01-30 15:06 90,112 ----a-w C:\WINDOWS\DUMP33c3.tmp
2008-01-30 15:03 90,112 ----a-w C:\WINDOWS\DUMP35b7.tmp
2008-01-30 09:12 90,112 ----a-w C:\WINDOWS\DUMP3596.tmp
2008-01-29 16:16 90,112 ----a-w C:\WINDOWS\DUMP3901.tmp
2008-01-29 07:22 90,112 ----a-w C:\WINDOWS\DUMP3623.tmp
2008-01-29 07:06 90,112 ----a-w C:\WINDOWS\DUMP35d5.tmp
2008-01-29 07:05 90,112 ----a-w C:\WINDOWS\DUMP35a6.tmp
2008-01-29 07:02 90,112 ----a-w C:\WINDOWS\DUMP35b6.tmp
2008-01-28 18:19 90,112 ----a-w C:\WINDOWS\DUMP355a.tmp
2008-01-28 12:39 90,112 ----a-w C:\WINDOWS\DUMP35c6.tmp
2008-01-28 12:34 90,112 ----a-w C:\WINDOWS\DUMP341f.tmp
2008-01-28 12:30 90,112 ----a-w C:\WINDOWS\DUMP33c2.tmp
2008-01-28 12:27 90,112 ----a-w C:\WINDOWS\DUMP3587.tmp
2008-01-28 12:25 90,112 ----a-w C:\WINDOWS\DUMP3559.tmp
2008-01-27 23:14 90,112 ----a-w C:\WINDOWS\DUMP3558.tmp
2008-01-27 23:13 90,112 ----a-w C:\WINDOWS\DUMP3539.tmp
2008-01-27 13:43 90,112 ----a-w C:\WINDOWS\DUMP3855.tmp
2008-01-26 20:26 90,112 ----a-w C:\WINDOWS\DUMP37d8.tmp
2008-01-26 20:20 90,112 ----a-w C:\WINDOWS\DUMP36de.tmp
2008-01-26 20:19 90,112 ----a-w C:\WINDOWS\DUMP398e.tmp
2008-01-26 10:52 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-26 08:29 90,112 ----a-w C:\WINDOWS\DUMP3911.tmp
2008-01-25 19:03 90,112 ----a-w C:\WINDOWS\DUMP378a.tmp
2008-01-25 19:03 90,112 ----a-w C:\WINDOWS\DUMP375b.tmp
2008-01-25 17:44 90,112 ----a-w C:\WINDOWS\DUMP38d2.tmp
2008-01-25 17:43 90,112 ----a-w C:\WINDOWS\DUMP3661.tmp
2008-01-25 16:50 90,112 ----a-w C:\WINDOWS\DUMP36b0.tmp
2008-01-25 16:49 90,112 ----a-w C:\WINDOWS\DUMP34bc.tmp
2008-01-25 16:48 90,112 ----a-w C:\WINDOWS\DUMP36ee.tmp
2008-01-25 16:47 90,112 ----a-w C:\WINDOWS\DUMP3644.tmp
2008-01-25 16:45 90,112 ----a-w C:\WINDOWS\DUMP3643.tmp
2008-01-25 16:44 90,112 ----a-w C:\WINDOWS\DUMP36bf.tmp
2008-01-25 16:43 90,112 ----a-w C:\WINDOWS\DUMP372d.tmp
2008-01-25 16:42 90,112 ----a-w C:\WINDOWS\DUMP3642.tmp
2008-01-25 16:41 90,112 ----a-w C:\WINDOWS\DUMP3921.tmp
2008-01-24 23:50 90,112 ----a-w C:\WINDOWS\DUMP3c1e.tmp
2008-01-24 15:03 90,112 ----a-w C:\WINDOWS\DUMP31dd.tmp
2008-01-24 07:58 90,112 ----a-w C:\WINDOWS\DUMP35f4.tmp
2008-01-24 07:57 90,112 ----a-w C:\WINDOWS\DUMP37aa.tmp
2008-01-24 07:08 90,112 ----a-w C:\WINDOWS\DUMP35c5.tmp
2008-01-23 11:50 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2008-01-23 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\third lies itch ford
2008-01-22 09:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-22 09:10 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2008-01-15 14:13 --------- d-----w C:\Program Files\Google
2008-01-09 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-03 13:21 --------- d-----w C:\Program Files\lphant
2008-01-03 13:15 --------- d-----w C:\Documents and Settings\miss-pink\Application Data\MSNInstaller
2008-01-03 13:14 --------- d-----w C:\Program Files\LimeWire
2008-01-02 20:15 --------- d-----w C:\Documents and Settings\miss-pink\Application Data\LimeWire
2007-12-31 17:24 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-31 17:23 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-31 17:13 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-27 12:40 303,104 ----a-w C:\WINDOWS\system32\kvkeihife.exe
2007-12-26 17:15 304,128 ----a-w C:\WINDOWS\system32\evdotsncn.exe
2007-12-24 20:58 --------- d-----w C:\Program Files\Else plus
2007-12-19 07:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 07:27 --------- d-----w C:\Program Files\Circle Developement
2007-12-19 07:21 290,304 ----a-w C:\WINDOWS\system32\egfobkhg.exe
2007-12-11 19:03 --------- d-----w C:\Program Files\Ares
2007-12-11 17:26 300,544 ----a-w C:\WINDOWS\system32\lnbvbdhwj.exe
2007-12-10 19:20 --------- d-----w C:\Program Files\Java
2007-12-10 19:14 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-10 16:39 300,544 ----a-w C:\WINDOWS\system32\jtcuzypdy.exe
2007-12-09 15:43 --------- d-----w C:\Program Files\NewTech Infosystems
2007-12-09 14:18 289,280 ----a-w C:\WINDOWS\system32\pkbxoc.exe
2007-12-09 07:44 297,984 ----a-w C:\WINDOWS\system32\vuysmi.exe
2007-12-08 08:55 --------- d-----w C:\Program Files\D-Tools
2007-12-06 18:21 291,328 ----a-w C:\WINDOWS\system32\cucpdz.exe
2007-12-05 06:43 295,424 ----a-w C:\WINDOWS\system32\davryhc.exe
2007-12-03 16:00 295,936 ----a-w C:\WINDOWS\system32\osqalsr.exe
2007-12-01 07:39 283,648 ----a-w C:\WINDOWS\system32\suzamw.exe
2007-11-29 15:59 285,696 ----a-w C:\WINDOWS\system32\ouikbpazv.exe
2007-11-29 10:46 300,032 ----a-w C:\WINDOWS\system32\riyniu.exe
2007-11-26 17:11 297,984 ----a-w C:\WINDOWS\system32\waxwidnt.exe
2007-11-21 08:05 310,272 ----a-w C:\WINDOWS\system32\ljeqbeq.exe
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-14 07:17 292,352 ----a-w C:\WINDOWS\system32\kamkuz.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-05-29 11:38 0 -c--a-w C:\Program Files\tw10428.dat.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Styles par défaut.asl.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Scripts par défaut.atn.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\SaveforWebStrings.txt.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Outils prédéfinis (défaut).tpl.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Nuancier par défaut.aco.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Motifs par défaut.pat.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Formes perso par défaut.csh.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Formes par défaut.abr.bak
2007-05-29 11:38 0 -c--a-w C:\Program Files\Formats doc par défaut.txt.bak
2007-05-29 11:37 0 -c--a-w C:\Program Files\Dégradés par défaut.grd.bak
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
2008-02-04 17:27 213227 --a------ C:\WINDOWS\system32\wininet_s3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 18:19 68856]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-08-29 15:42 1008880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Itch ford four knob"="C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe" [2008-02-04 17:43 5001216]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Sysmem32"="C:\WINDOWS\system32\drivers\alg.exe" [2008-01-23 14:48 69493]
"Memory_chech"="C:\WINDOWS\system32\drivers\smss.exe" [2008-01-23 14:49 69493]
"Clipboard_x"="C:\WINDOWS\system32\drivers\csrss.exe" [2008-01-23 14:49 69493]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SiSPower"="SiSPower.dll" [2005-07-13 10:55 49152 C:\WINDOWS\system32\SiSPower.dll]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"Kernel"="C:\WINDOWS\system\svchost.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-18 01:14]
R2 RTETAPIService;RTE : Partage TAPI;"c:\fotowin\RTETPISv.exe" [2000-11-07 09:37]
R3 DCamUSBNW800;TwinkleCam USB Camera;C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-04-19 17:44]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S0 Vpi56;Vpi56;C:\WINDOWS\system32\Drivers\Vpi56.sys []
S0 WPXT;WinPcap Packet Driver (WPXT);C:\WINDOWS\system32\drivers\WPXT.sys []
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-03 20:00:00 C:\WINDOWS\Tasks\AF9AD379916942D1.job"
- c:\docume~1\abdel\applic~1\elsepl~1\Thunkdeafgreat.exe
"2008-01-14 07:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 12:56:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-04 16:30:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:55:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\msole32.exe 27136 bytes
C:\WINDOWS\system32\wml.exe 14080 bytes
C:\WINDOWS\system32\vxddsk.exe 23040 bytes
Scan terminé avec succès
Les fichiers cachés: 3
**************************************************************************
.
Temps d'accomplissement: 2008-02-04 17:57:01
ComboFix-quarantined-files.txt 2008-02-04 16:56:53
.
2008-01-24 07:53:10 --- E O F ---
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:48, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\wininet_s3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 10006 bytes
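The O4 (Run key) entries in the report above are where this infection shows itself: smss.exe, csrss.exe and alg.exe launched from system32\drivers, svchost.exe from C:\WINDOWS\system, and an executable under All Users\Application Data. The following Python script is an added example, not code from the thread or from HijackThis. It parses O4 lines in the HijackThis v2 format and flags the two patterns a triager checks first: core Windows process names that are never legitimately started from a Run key, and programs launched from data directories. The sample lines are copied from the report above; the rule set and the function names are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 (Run key) lines in the HijackThis v2 format, copied
# from the report posted in the thread. Value names and paths are the ones that
# appear there, not output captured from a live machine.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(r"^(.*?\.(?:exe|dll|bat|cmd|com|scr))(?:\s|$)", re.IGNORECASE)

# Processes started by the boot sequence or by the Service Control Manager.
# None of them is ever launched legitimately from a Run key, so the name alone
# is a signal, whatever directory the entry points to.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "alg.exe"}
SYSTEM32 = "c:\\windows\\system32"
# Directories that hold data, not installed programs (assumed list for this example).
DATA_DIR_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def executable_path(cmd):
    """Pull the program path out of a Run value, quoted or not, with or without arguments."""
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    return m.group(1) if m else cmd.strip()


def analyze_o4(report_text):
    """Parse every O4 line and attach the reasons (if any) an analyst would flag it for."""
    entries = []
    for line in report_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 line: ignore headers, other sections, blank lines
        path = executable_path(m.group("cmd"))
        p = PureWindowsPath(path)
        name = p.name.lower()
        parent = str(p.parent).lower()
        reasons = []
        if name in CORE_PROCESSES:
            reasons.append("core system process name in a Run key")
            if parent != SYSTEM32:
                # the genuine binary lives in system32; a copy elsewhere is masquerading
                reasons.append("system binary name outside " + SYSTEM32)
        if any(marker in path.lower() for marker in DATA_DIR_MARKERS):
            reasons.append("executable launched from a user/application data directory")
        entries.append({"hive": m.group("hive"), "value_name": m.group("name"),
                        "path": path, "reasons": reasons})
    return entries


def suspicious_entries(report_text):
    """Only the O4 entries that triggered at least one rule."""
    return [e for e in analyze_o4(report_text) if e["reasons"]]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_O4_LINES):
        print(f'[{e["value_name"]}] {e["path"]}: {"; ".join(e["reasons"])}')
```

Run against the sample, the script flags Sysmem32, Memory_chech, Clipboard_x, Kernel and the "Itch ford four knob" entry and leaves avast!, Windows Defender and CTFMON.EXE alone, which is exactly the split the helper's CFScript targets. The name-based rule is deliberately independent of the path: a smss.exe in a Run key is wrong even when it sits in system32, because the real one is started by the kernel long before Run keys are processed.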
good evening
Copy (Ctrl+C) the text below:
Driver::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
- A blue window will appear: at the message that is shown (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
+++++++++++++++++++++++
add a new HijackThis log
Message edited by Sham_Rock on 04-02-2008 at 22:05:59
/!\Fed up with ads: secured Firefox/!\
report
ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\wininet_s3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 11972 bytes
good evening
the ComboFix report is not complete:
Post the report
\Combofix.txt
click on it to open it, then Edit > "Select All", Edit > "Copy"
come back to the forum and Edit > "Paste"
Boot into "Safe Mode": F4 or F8, or both + Ctrl, or Ctrl+Del..., it depends on your "setup"....!
delete the "System Restore" points
And run a scan of your hard drive....!
Contrary to what people say, AVAST is good....!
Nothing proves your good faith...!
By the way, how do you get in touch with the "moderator"?
Oops, I didn't know it wasn't complete:
ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
Normally it is complete
Hello
jls1
| Quote: Boot into "safe mode": F4 or F8, or both + Ctrl, or Ctrl+Del..., it depends on your "setup"....!
|
never touch System Restore until the PC is completely disinfected!
and Avast is rubbish
Why switch?: Avast! vs Antivir
hollye tyler
the ComboFix report is still not complete
do exactly as follows:
Post the report
\Combofix.txt
click on it to open it, then Edit > "Select All", Edit > "Copy"
come to the forum and Edit > "Paste"
Message edited by Sham_Rock on 06-02-2008 at 13:43:15
Reply to Sham_Rock
That's what I did, yet I don't understand why: I go into My Computer, then C:, then there is the ComboFix folder, and then I see the ComboFix Notepad file.
It's still this one:
ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
When I did the search, I typed everything you said and it gave me this one:
ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
The same thing
I think you didn't wait for the procedure to finish
run it again as follows and, above all, let the tool work right through to the end, because the infected files are still present.
Copy (Ctrl+C) the text below:
Driver::
|
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
- A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then press Enter.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
+++++++++++++++++++++++
add a new HijackThis log
Reply to Sham_Rock
I did it and it did the same thing again:
ComboFix 08-02.05.3 - miss-pink 2008-02-07 16:44:44.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.157 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
Incapable d'obtenir les privilèges Système
HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 11762 bytes
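Reading the HijackThis report above by hand is what the helpers in this thread are doing, and three kinds of line carry most of the signal: the F2 UserInit value with a second executable appended after userinit.exe, the O4 autoruns that start smss.exe, csrss.exe, alg.exe and svchost.exe from system32\drivers\ or WINDOWS\system\ instead of system32, and the long run of O2 BHO entries with no DLL behind them. The Python below is an added example, not code from this thread or from HijackThis; it turns those observations into checks and runs them over a constructed excerpt of the report. The set of core binary names, the "only legitimate directly in system32" rule and the Application Data heuristic are assumptions of the example, not rules of the tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the HijackThis report posted above,
# mixed with benign entries from the same report.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption of this example: on a stock Windows XP install these core processes
# live only directly in %SystemRoot%\system32. A same-named binary started from
# system32\drivers\ or WINDOWS\system\ is borrowing the name, not the role.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "alg.exe", "svchost.exe",
                        "lsass.exe", "winlogon.exe", "services.exe"}
LEGIT_CORE_DIR = r"c:\windows\system32"
# The only value UserInit should hold on a stock XP machine (assumption).
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

# First drive-letter path ending in an executable-ish extension in an O4 command.
_PATH_RE = re.compile(r'([a-z]:\\[^"\r\n]*?\.(?:exe|dll|bat|com|scr))', re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _split_path(path):
    """Return (directory, basename), lower-cased, for a Windows path."""
    path = path.strip().strip('"').lower()
    directory, _, name = path.rpartition("\\")
    return directory, name


def analyse_hjt(log_text):
    """Return a Finding for every suspicious line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        # F2: UserInit must contain exactly one entry, userinit.exe; anything
        # appended after it is launched at every logon.
        if section == "F2" and "UserInit=" in line:
            value = line.split("UserInit=", 1)[1]
            entries = [e.strip() for e in value.split(",") if e.strip()]
            extras = [e for e in entries if e.lower() != LEGIT_USERINIT]
            if extras:
                findings.append(Finding("F2", "extra UserInit entry: " + ", ".join(extras), line))

        # O2: a registered BHO CLSID whose DLL is gone is an orphan left behind
        # by adware; harmless now, but a marker of what was installed.
        elif section == "O2" and line.endswith("(no file)"):
            findings.append(Finding("O2", "orphaned BHO CLSID, DLL absent", line))

        # O3/R3: toolbars and URLSearchHooks whose file is missing.
        elif section in ("O3", "R3") and line.endswith("(file missing)"):
            findings.append(Finding(section, "toolbar/URLSearchHook with missing file", line))

        # O4: autorun entries; extract the launched path and check where it lives.
        elif section == "O4" and "\\Run:" in line and "]" in line:
            match = _PATH_RE.search(line.split("]", 1)[1])
            if not match:
                continue
            directory, name = _split_path(match.group(1))
            if name in CORE_SYSTEM_BINARIES and directory != LEGIT_CORE_DIR:
                findings.append(Finding("O4", f"core system binary name outside system32: {name} in {directory}", line))
            elif "\\application data\\" in directory:
                findings.append(Finding("O4", "autorun from a data directory (heuristic)", line))
    return findings


if __name__ == "__main__":
    for f in analyse_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the excerpt this flags seven lines and leaves the QuickTime, Windows Live Toolbar, ctfmon and avast! entries alone. The directory check deliberately compares the full parent directory rather than just testing for "system32" as a substring, which is exactly what makes system32\drivers\smss.exe stand out.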
Good evening
| Quote: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
|
there's the problem. (thanks éric ^^)
you must save the CFScript.txt document on your desktop, not in My Documents.
then do a drag and drop as in the picture.
Message edited by Sham_Rock on 07-02-2008 at 23:29:29
Reply to Sham_Rock
Same thing, I think!
ComboFix 08-02.05.3 - miss-pink 2008-02-08 16:53:15.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.141 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
Good evening
we'll run another tool first, then, because there may be a privilege problem.
important: I'm away next week; the other helpers have been told, but if they forget you, you can send a PM to angeldark or eric71
Please print these instructions, or paste them into a text file, to read during this fix. Read the three small notes at the bottom carefully before starting.
Download Look2Me-Destroyer.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
Close all open windows before moving on to the next step.
• Double-click Look2Me-Destroyer.exe to launch the tool.
• Tick Run this program as a task
• A message will appear telling you: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
• It will relaunch after 10 seconds; then click the Scan for L2M button; your Desktop icons will disappear: this is normal.
• When the scan finishes, click the Remove L2M button
• A Done Scanning message will appear; click OK.
• A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
• Your PC will now shut down.
• Start your PC normally.
• Paste the generated report, located here: C:\Look2Me-Destroyer.txt, along with a new HijackThis! report in your next reply.
*If Look2Me-Destroyer does not relaunch automatically after 10 seconds, reboot and try again.
**If you get a message from your firewall that the tool is trying to access the Internet: allow it.
***If a runtime error '339' message appears: download MSWINSCK.OCX from the link below and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/n [...] WINSCK.OCX
Reply to Sham_Rock
OK Shamrock
Here is the scan:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 2008-02-09 18:49:25
Attempting to delete infected files...
Making registry repairs.
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{06A2568A-CED6-4187-BB20-400B8C02BE5A}"
HKCR\Clsid\{06A2568A-CED6-4187-BB20-400B8C02BE5A}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
HKCR\Clsid\{00F33137-EE26-412F-8D71-F84E4C2C6625}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
and HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 11806 bytes
Hello
Sham_Rock having taken a well-deserved rest, we'll continue together
| Quote: Restoring SeDebugPrivilege for Administrateurs - Succeeded |
The privileges are restored, you can retry the CFScript and see
If it still doesn't work, we'll switch tools
Um.. I just wanted to point out that, for ComboFix, when you say a blue screen appears and it says to type 1 or 2, that doesn't appear for me: it does the scan directly, it restarts, and here's the report:
ComboFix 08-02.05.3 - miss-pink 2008-02-10 12:40:34.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]
Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\bhij.exe
C:\blhhjtpx.exe
C:\cvbkwtb.exe
C:\kkynn.bat
C:\kkynn.exe
C:\upaq.exe
C:\WINDOWS\fubslaxw.exe
C:\WINDOWS\ghqbqnel.exe
C:\WINDOWS\jmrknipw.dll
C:\WINDOWS\PKYFoNqpC0.exe
C:\WINDOWS\raxenuby.dll
C:\WINDOWS\sdebozqn.exe
C:\WINDOWS\system32\cucpdz.exe
C:\WINDOWS\system32\davryhc.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\Drivers\Vpi56.sys
C:\WINDOWS\system32\egfobkhg.exe
C:\WINDOWS\system32\evdotsncn.exe
C:\WINDOWS\system32\jtcuzypdy.exe
C:\WINDOWS\system32\kamkuz.exe
C:\WINDOWS\system32\kvkeihife.exe
C:\WINDOWS\system32\ljeqbeq.exe
C:\WINDOWS\system32\lnbvbdhwj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\osqalsr.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\pkbxoc.exe
C:\WINDOWS\system32\riyniu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ssurwwdp.tmp
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\sysdamp.exe
C:\WINDOWS\system32\vuysmi.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\waxwidnt.exe
C:\WINDOWS\system32\wininet_s3.dll
C:\WINDOWS\system32\wmedia32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Tasks\AF9AD379916942D1.job
.
Well, it's still the same, that's strange...
Click Start / Control Panel / Folder Options, choose the View tab, then uncheck this option:
and finally click OK
Select the entire contents of the frame below:
|
Then right-click and choose Copy
Open Notepad, right-click, choose Paste to paste in the contents of the frame above
Check that no line is missing before continuing!
Save the file to your desktop and name it remove.txt
Download The Avenger
< here
Unzip the contents of the archive to your desktop and nowhere else!
Double-click avenger.exe and click OK
Select Load Script from File and click the folder icon
Select the remove.txt file on your desktop
Click the green light to run the script, then click Yes
Accept the restart of your PC
Once restarted, copy/paste the generated report (C:\avenger.txt)
WARNING, if you are not the person concerned,
do NOT apply this procedure under any circumstances,
you could damage your PC!!
- Safe Mode -
Here's the report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tdkikjwi
*******************
Script file located at: \??\C:\jpbfgifw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver Vpi56 unloaded successfully.
File C:\WINDOWS\system32\wininet_s3.dll deleted successfully.
File C:\WINDOWS\system32\wmedia32.exe deleted successfully.
File C:\cvbkwtb.exe deleted successfully.
File C:\kkynn.exe deleted successfully.
File C:\kkynn.bat deleted successfully.
File C:\WINDOWS\jmrknipw.dll deleted successfully.
File C:\WINDOWS\system32\rxjddnvj.exe deleted successfully.
File C:\WINDOWS\sdebozqn.exe deleted successfully.
File C:\WINDOWS\fubslaxw.exe deleted successfully.
File C:\blhhjtpx.exe deleted successfully.
File C:\WINDOWS\system32\ssurwwdp.tmp deleted successfully.
File C:\WINDOWS\system32\sysdamp.exe deleted successfully.
File C:\WINDOWS\system32\drivers\smss.exe deleted successfully.
File C:\WINDOWS\system32\drivers\csrss.exe deleted successfully.
File C:\WINDOWS\system32\drivers\alg.exe deleted successfully.
File C:\upaq.exe deleted successfully.
File C:\WINDOWS\PKYFoNqpC0.exe deleted successfully.
File C:\WINDOWS\raxenuby.dll deleted successfully.
File C:\WINDOWS\ghqbqnel.exe deleted successfully.
File C:\bhij.exe deleted successfully.
File C:\WINDOWS\system32\kvkeihife.exe deleted successfully.
File C:\WINDOWS\system32\evdotsncn.exe deleted successfully.
File C:\WINDOWS\system32\egfobkhg.exe deleted successfully.
File C:\WINDOWS\system32\lnbvbdhwj.exe deleted successfully.
File C:\WINDOWS\system32\jtcuzypdy.exe deleted successfully.
File C:\WINDOWS\system32\pkbxoc.exe deleted successfully.
File C:\WINDOWS\system32\vuysmi.exe deleted successfully.
File C:\WINDOWS\system32\cucpdz.exe deleted successfully.
File C:\WINDOWS\system32\davryhc.exe deleted successfully.
File C:\WINDOWS\system32\osqalsr.exe deleted successfully.
File C:\WINDOWS\system32\suzamw.exe deleted successfully.
File C:\WINDOWS\system32\ouikbpazv.exe deleted successfully.
File C:\WINDOWS\system32\riyniu.exe deleted successfully.
File C:\WINDOWS\system32\waxwidnt.exe deleted successfully.
File C:\WINDOWS\system32\ljeqbeq.exe deleted successfully.
File C:\WINDOWS\system32\kamkuz.exe deleted successfully.
File C:\WINDOWS\system32\Drivers\Vpi56.sys not found!
Deletion of file C:\WINDOWS\system32\Drivers\Vpi56.sys failed!
Could not process line:
C:\WINDOWS\system32\Drivers\Vpi56.sys
Status: 0xc0000034
File C:\WINDOWS\system32\msole32.exe deleted successfully.
File C:\WINDOWS\system32\wml.exe deleted successfully.
File C:\WINDOWS\system32\vxddsk.exe deleted successfully.
File C:\WINDOWS\Tasks\AF9AD379916942D1.job deleted successfully.
Folder C:\WINDOWS\luvcrmkb not found!
Deletion of folder C:\WINDOWS\luvcrmkb failed!
Could not process line:
C:\WINDOWS\luvcrmkb
Status: 0xc0000034
Folder C:\Program Files\DioCleanerPro not found!
Deletion of folder C:\Program Files\DioCleanerPro failed!
Could not process line:
C:\Program Files\DioCleanerPro
Status: 0xc0000034
Folder C:\WINDOWS\mjrjpqud not found!
Deletion of folder C:\WINDOWS\mjrjpqud failed!
Could not process line:
C:\WINDOWS\mjrjpqud
Status: 0xc0000034
Folder C:\Documents and Settings\All Users\Application Data\third lies itch ford not found!
Deletion of folder C:\Documents and Settings\All Users\Application Data\third lies itch ford failed!
Could not process line:
C:\Documents and Settings\All Users\Application Data\third lies itch ford
Status: 0xc0000034
Folder C:\Program Files\Else plus not found!
Deletion of folder C:\Program Files\Else plus failed!
Could not process line:
C:\Program Files\Else plus
Status: 0xc0000034
Folder C:\Program Files\Circle Developement not found!
Deletion of folder C:\Program Files\Circle Developement failed!
Could not process line:
C:\Program Files\Circle Developement
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sysmem32 deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Kernel deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Memory_chech deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Clipboard_x deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Itch ford four knob deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Ah, that's a good clean-up
Post another HijackThis log
Ok =)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 11332 bytes
Re,
Relaunch HijackThis and this time click [Do a system scan only]
Check the boxes on the left for the following lines (and only these):
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
|
and click [Fix checked] (bottom left)
When asked to confirm, answer Yes
---------------------------------------------------
Delete:
C:\Program Files\Macrogaming\SweetIMBarForIE
C:\Program Files\speed-bit
Post another HijackThis log
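As an added example (not code from this thread or from any of the tools it uses), a small Python triage script that reads HijackThis log lines and flags the three patterns the helper acts on here: entries whose file is gone ("(file missing)" / "(no file)"), a UserInit value that starts anything besides userinit.exe, and core system binaries running from a directory other than System32 (the system32\drivers\ copies of smss.exe, csrss.exe and alg.exe seen in the logs above). The SYSTEM32_ONLY list is my assumption about the Windows XP layout, and the sample log is constructed from lines posted in this thread.

```python
import re
from dataclasses import dataclass

# Assumption (Windows XP layout): these core binaries live only in %WINDIR%\System32.
# A process with the same name running from any other directory (e.g. system32\drivers\
# or WINDOWS\system\, as in this thread) is a masquerade worth a closer look.
SYSTEM32_ONLY = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "alg.exe", "spoolsv.exe", "ctfmon.exe", "userinit.exe",
}

ORPHAN_MARKERS = ("(file missing)", "(no file)")
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
HJT_ENTRY = re.compile(r"^[RFNO]\d+ - ")  # R0..R3, F0..F3, N1..N4, O1..O24 entries


@dataclass
class Finding:
    line: str    # the log line as written
    reason: str  # why a human should look at it


def _norm(path: str) -> str:
    return path.strip().strip('"').lower().replace("/", "\\")


def _split(path: str):
    """Return (parent_dir, basename) of a normalised Windows path."""
    parent, _, name = _norm(path).rpartition("\\")
    return parent, name


def check_process(path: str):
    """Flag a 'Running processes' entry whose name is a core system binary
    but whose directory is not %WINDIR%\\System32."""
    parent, name = _split(path)
    if name in SYSTEM32_ONLY and not parent.endswith("\\system32"):
        return Finding(path, f"{name} running from {parent} (expected ...\\system32)")
    return None


def check_userinit(value: str):
    """F2 UserInit should name exactly one program, userinit.exe.
    Anything appended to it is started at every logon (UserInit hijack)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extra = [e for e in entries if _split(e)[1] != "userinit.exe"]
    if extra:
        return Finding(value, "UserInit launches extra program(s) at logon: " + ", ".join(extra))
    if not entries:
        return Finding(value, "UserInit is empty: userinit.exe itself has been removed")
    return None


def triage(log_text: str):
    """Walk a HijackThis log and return the entries a helper would act on."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if HJT_ENTRY.match(line):
            in_processes = False  # the first R/F/N/O entry ends the process list
        if in_processes:
            f = check_process(line)
            if f:
                findings.append(f)
            continue
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding(line, "entry points to a file that no longer exists (orphan)"))
            continue
        m = F2_USERINIT.match(line)
        if m:
            f = check_userinit(m.group(1))
            if f:
                findings.append(Finding(line, f.reason))
    return findings


# Constructed sample: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run on the sample it reports six entries: the three masquerading processes, the two orphan entries and the UserInit hijack, while the legitimate toolbar and avast! Run entries pass.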
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 9059 bytes
OK,
that's much clearer
Download Clean
< here
unzip it to your desktop (extract all files); you get a folder named clean
Open the clean folder and double-click clean.cmd (the .cmd may not be shown)
choose option 1 and wait
a report is generated; post that report (C:\rapport_clean.txt)
Report:
2008-02-11 a 11:40:22.93
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\hotporn.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\764.exe FOUND
C:\WINDOWS\pbar.dll FOUND
C:\WINDOWS\flt.dll FOUND
C:\WINDOWS\7search.dll FOUND
C:\WINDOWS\system\svchost.exe FOUND
Re,
well, there are still some left
restart in safe mode: >> How to start in Safe Mode <<
Open the clean folder and double-click clean.cmd
Choose option 2 and wait
Restart normally
Post the report (C:\rapport_clean.txt)
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 2008-02-11 a 22:03:51.26
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\hotporn.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin
tentative de suppression de C:\WINDOWS\764.exe
tentative de suppression de C:\WINDOWS\pbar.dll
tentative de suppression de C:\WINDOWS\flt.dll
tentative de suppression de C:\WINDOWS\7search.dll
tentative de suppression de C:\WINDOWS\system\svchost.exe
Ok
Download ToolsCleaner2
< here
Install it on your Desktop
Click [Recherche] (Search) to start the scan
Click [Supprimer] (Delete) to clean up the tools that were used
Click [Quitter] (Quit), this will create a report
Post the report (C:\TCleaner.txt)
----------------------------------------------------
Run a Kaspersky online scan
< here with Internet Explorer!
Click Démarrer Online-Scanner (Start Online-Scanner, bottom right)
Click J'accepte (I accept), if necessary allow the ActiveX installation
let it install the updates, choose the scan of Poste de travail (My Computer)
at the end of the scan, save the report then paste it into your reply
If you see this message: La licence de Kaspersky On-line Scanner est périmée (the Kaspersky On-line Scanner licence has expired)
go to Add/Remove Programs and uninstall On-Line Scanner
go back to the site and try the scan again
TCleaner report:
-->- Recherche:
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\miss-pink\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\miss-pink\Bureau\avenger.zip: trouvé !
C:\Documents and Settings\miss-pink\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\miss-pink\Bureau\Look2Me-Destroyer.exe: trouvé !
C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\tar.exe: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\remove.reg: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\pskill.exe: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\LFiles.exe: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\gzip.exe: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\delr.cmd: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\del3.cmd: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\del2.cmd: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\clean.cmd: trouvé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\cherche.cmd: trouvé !
C:\Documents and Settings\miss-pink\Local Settings\Temp\Répertoire temporaire 1 pour avenger.zip\avenger.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\miss-pink\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\miss-pink\Bureau\avenger.zip: supprimé !
C:\Documents and Settings\miss-pink\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\miss-pink\Bureau\Look2Me-Destroyer.exe: supprimé !
C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\tar.exe: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\remove.reg: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\pskill.exe: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\LFiles.exe: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\gzip.exe: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\delr.cmd: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\del3.cmd: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\del2.cmd: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\clean.cmd: supprimé !
C:\Documents and Settings\miss-pink\Bureau\clean\clean\cherche.cmd: supprimé !
C:\Documents and Settings\miss-pink\Local Settings\Temp\Répertoire temporaire 1 pour avenger.zip\avenger.exe: Erreur de suppression !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
For Kaspersky, it crashed, it doesn't work for now, there is still a connection problem
Re,
| Quote: For Kaspersky, it crashed, it doesn't work for now, there is still a connection problem |
Hmm.. you are doing it with Internet Explorer, right? not another browser?
Yes, Internet Explorer is all I have
Ok,
We'll find one that works:
BitDefender <~ here
Panda <~ here
Trend Micro <~ here
Here is the report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-14 11:01:50
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1098 [VPS 080213-1] 4.7.1098 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wuse.1
00027660 adware/savenow Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{763bd795-24ae-44d7-82d8-f9a1ee799729}
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_classes_root\clsid\{763bd795-24ae-44d7-82d8-f9a1ee799729}
00040319 adware/activesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7}
00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f}
00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
00040735 adware/whenusearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
00040735 adware/whenusearch Adware No 0 Yes No hkey_classes_root\wuse.1
00047327 adware/adsincontext Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{029E02F0-A0E5-4B19-B958-7BF2DB29FB13}
00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
00120993 adware/deskwizz Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4dfb-9693-23AB7686A456}
00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@tribalfusion[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@as-eu.falkag[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@mediaplex[1].txt
00147424 Cookie/Luckynugget TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@www.luckynugget[1].txt
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@pacificpoker[2].txt
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@casinotropez[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@revenue[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@fe.lea.lycos[2].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@ehg.hitbox[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@statcounter[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@perf.overture[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@apmebf[1].txt
00168068 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@www.lop[2].txt
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@bilbo.counted[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@bs.serving-sys[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@888[3].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@weborama[3].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@server.iad.liveperson[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@adrevolver[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@zedo[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@metriweb[1].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@888[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@cassava[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@searchportal.information[2].txt
00206648 adware/activshopper Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
00206648 adware/activshopper Adware No 0 Yes No c:\program files\e-zshopper
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@adviva[2].txt
00218901 adware/adbars Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641EF3-8A7A-4D84-8659-B0911E947CC8}
00221182 adware/eshopper Adware No 0 Yes No c:\windows\system32\eshopee.exe
00235137 application/activitymon HackTools No 0 Yes No c:\program files\amsys
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@atwola[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@smartadserver[2].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@ehg-dig.hitbox[2].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
02898959 Adware/Sysdamper Adware No 1 Yes No C:\WINDOWS\68993.exe
02898959 Adware/Sysdamper Adware No 1 Yes No C:\WINDOWS\71949.exe
02898959 Adware/Sysdamper Adware No 1 Yes No C:\WINDOWS\86325.exe
02898959 Adware/Sysdamper Adware No 1 Yes No C:\WINDOWS\22741.exe
02898959 Adware/Sysdamper Adware No 1 Yes No C:\WINDOWS\38207.exe
02898959 Adware/Sysdamper Adware No 1 Yes No C:\WINDOWS\29242.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
On the other hand, below it said "disinfect", but I can't do it because you have to sign up
Re,
Download OTMoveIt2
< here
Save it on your Desktop
Select the box below, then right-click, then Copy:
C:\Documents and Settings\miss-pink\Cookies\miss-pink@trafficmp[1].txt
|
Now launch OTMoveIt by double-clicking OTMoveIt.exe
Two frames appear, right-click in the left frame, then Paste
Finally, click [MoveIt!]
It may ask you to restart, accept by clicking YES
Post the generated report (C:\_OTMoveIt\MovedFiles\creation date)
-----------------------------------------------------------
Download this file: http://cjoint.com/?cotlKdnvMS
Unzip it onto your desktop, double-click it and accept the data being added
-----------------------------------------------------------
Do you still have problems?
Well no, now there are no more ads, my background is still the same, they don't put up the blue screen any more ^^
Report:
C:\Documents and Settings\miss-pink\Cookies\miss-pink@trafficmp[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@casalemedia[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@doubleclick[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@atdmt[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@tradedoubler[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@247realmedia[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@fastclick[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@tribalfusion[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@as-eu.falkag[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@mediaplex[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@www.luckynugget[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@pacificpoker[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@casinotropez[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@revenue[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@findwhat[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@com[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@xiti[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@fe.lea.lycos[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@ehg.hitbox[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@azjmp[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@toplist[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@statcounter[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@perf.overture[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@apmebf[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@www.lop[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@bilbo.counted[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@burstnet[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@serving-sys[1].txt moved successfully.
File/Folder C:\Documents and Settings\miss-pink\Cookies\miss-pink@bs.serving-sys[2].txt not found.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@888[3].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@as1.falkag[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@weborama[3].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@adtech[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@server.iad.liveperson[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@fl01.ct2.comclick[1].txt moved successfully.
File/Folder C:\Documents and Settings\miss-pink\Cookies\miss-pink@advertising[1].txt not found.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@adrevolver[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@statse.webtrendslive[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@ads.pointroll[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@overture[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@realmedia[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@questionmarket[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@zedo[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@metriweb[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@888[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@cassava[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@adrevolver[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@adultfriendfinder[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@go[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@searchportal.information[2].txt moved successfully.
c:\program files\e-zshopper moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@adviva[2].txt moved successfully.
c:\windows\system32\eshopee.exe moved successfully.
c:\program files\amsys moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@atwola[1].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@smartadserver[2].txt moved successfully.
C:\Documents and Settings\miss-pink\Cookies\miss-pink@ehg-dig.hitbox[2].txt moved successfully.
C:\WINDOWS\PSEXESVC.EXE moved successfully.
C:\WINDOWS\68993.exe moved successfully.
C:\WINDOWS\71949.exe moved successfully.
C:\WINDOWS\86325.exe moved successfully.
C:\WINDOWS\22741.exe moved successfully.
C:\WINDOWS\38207.exe moved successfully.
C:\WINDOWS\29242.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 02142008_204652
But are there still viruses? Can I delete, well, uninstall the other programs you had me install?
Re,
| Quote: But are there still viruses? |
No, this time it's all good
| Quote: uninstall the other programs you had me install |
We'll check one last detail, post another HijackThis log
- Safe Mode -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16, on 2008-02-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\lphant\eLePhantClient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\miss-pink\Bureau\PhotoFiltre.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/up [...] _08370.jpg
--
End of file - 9306 bytes
Re,
That's ok,
Uninstall Avast! and replace it with Antivir
Look here: Antivirus: which one to choose? How does it work?
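What the helper is reading off these HijackThis logs, written out as an added example (not code from the thread or from HijackThis): a Python triage that parses the "Running processes" block and the O4/O23 entries and flags executables by location, the way copies of svchost.exe under system32\drivers and random-named .exe files sitting directly in C:\WINDOWS stood out in the earlier log. The sample log, the reason strings and the directory heuristics are constructed assumptions for this example, not part of the original posts.

```python
"""Triage of HijackThis 2.0.2 log entries by file location (added example)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (executable path as logged, reason it was flagged)

SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"
# Windows XP core processes: genuine copies run only from system32 (assumption).
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# Executables that legitimately sit directly in C:\WINDOWS on XP (assumption).
WINDIR_ALLOWED = {"explorer.exe"}

REASON_CORE = "core system binary running outside system32"
REASON_WINDIR = "executable placed directly in C:\\WINDOWS"
REASON_DRIVERS = "executable in system32\\drivers (that directory holds .sys files)"

_ENTRY_RE = re.compile(r"^[RO]\d+ - ")  # start of R0/R1/O2/O4/... entries


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, file name), both lower-cased, of a Windows path."""
    clean = path.strip().strip('"').lower()
    directory, _, name = clean.rpartition("\\")
    return directory, name


def check_path(path: str) -> List[str]:
    """Apply the location heuristics a helper applies by eye; return the reasons."""
    directory, name = split_path(path)
    if not directory or not name.endswith(".exe"):
        return []  # bare command (e.g. Rundll32.exe foo.dll) or not an executable
    reasons = []
    if name in CORE_BINARIES and directory != SYSTEM32:
        reasons.append(REASON_CORE)
    if directory == WINDIR and name not in WINDIR_ALLOWED:
        reasons.append(REASON_WINDIR)
    if directory.endswith("\\system32\\drivers"):
        reasons.append(REASON_DRIVERS)
    return reasons


def autostart_target(line: str) -> str:
    """Extract the launched file from an O4 (Run key / Startup) or O23 (service) line."""
    if line.startswith("O23 "):
        # O23 - Service: Name - Owner - C:\path\service.exe
        return line.rsplit(" - ", 1)[-1]
    if "] " in line:             # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
        rest = line.split("] ", 1)[1]
    elif " = " in line:          # O4 - Global Startup: Name.lnk = C:\path\prog.exe
        rest = line.split(" = ", 1)[1]
    else:
        return ""
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(" ", 1)[0]


def triage_hjt(log_text: str) -> List[Finding]:
    """Walk the 'Running processes' block and every O4/O23 entry, flag odd locations."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and _ENTRY_RE.match(line):
            in_processes = False  # the first R/O entry ends the process list
        if in_processes:
            target = line
        elif line.startswith(("O4 ", "O23 ")):
            target = autostart_target(line)
        else:
            continue
        for reason in check_path(target):
            findings.append((target, reason))
    return findings


# Constructed sample in the page's log format (not a log from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [updater] "C:\WINDOWS\764.exe" /s
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
"""

if __name__ == "__main__":
    for path, reason in triage_hjt(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

The heuristics only narrow the list down to entries worth looking up; a clean location, as the CyberLink "Unknown owner" services in this thread show, is not proof either way.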
Why uninstall avast? It's great =)
| Quote: Why uninstall avast? It's great =) |
did you read the link I gave you about antivirus software?
Every day we see hundreds of infected people, and 9 out of 10 have Avast; if all those people had Antivir instead, half of them would not have come here in the first place, because they would not have gotten infected (that doesn't mean an antivirus protects against everything)
You can choose to keep it, but be aware that you are not properly protected.
- Safe Mode -
Ok, I understand, it's better if I install that one
