Forum Sur-la-Toile.com: please come to my aid, I think I can't do anything any more without you
The discussion "please come to my aid, I think I can't do anything any more without you" is in the forum "Viruses, trojans, etc..."

please come to my aid, I think I can't do anything any more without you


On 9-10-2008 at 23:22 #

Hi,
thank you for existing. Sorry to bother you, but I've spent 3 days on a virus and I can't take it any more. My computer has a virus; I'm on XP Home. I ran VirtumundoBeGone, it finds nothing. Malwarebytes Anti-Malware: 5 infected, 2 viruses; I deleted them but the virus persists. It shows up before the Windows sessions start: Windows launches, then everything goes black, a black page with the virus, which is a red antispyware, then it disappears. After that, I get into my session, it's super slow, and then there's lots of sound without my seeing any window, windows asking me to subscribe to this famous spyware, and (this is recent) my computer disconnects with a blue screen saying new hardware has been detected... nothing new, of course. I've repaired XP twice in 2 days with the CD so I could open my session, because at that point it was completely blocked. I ran VundoFix, no virus detected. I'm sending you the HijackThis report. Thank you if you can help me, a thousand thanks, and well done for existing; how many times from afar you have saved me. Kisses to everyone.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:41, on 09/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\akr4.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\WINDOWS\Temp\.ttE.tmp.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {56F5E613-1238-4389-8FD9-628E6AFFA9AD} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {852990B5-0FF8-4080-AABF-D9206CE44A93} - C:\WINDOWS\system32\wvUmliGA.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {C7E59FAB-27B9-4782-9B37-878545669780} - C:\WINDOWS\System32\bacp.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSecureAv\bm.exe" dm=http://winsecureav.com ad=http://winsecureav.com sd=http://ykeeper.winsecureav.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSecureAv\ptask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [inrhc7n1j0el1l] C:\WINDOWS\Temp\.ttE.tmp.exe /CR=BF41E8B2D96ED8F141145E40F597DD5398F8A57710811E2F97EEEDF45DFE9B8822870B9407C26CC16FE7FA56E5D72B64F105167EA4B4491C6560A0778D690FDD18354BD6F0CCF2162344D608013BB37920089030239D8A
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [lphc3n1j0el1l] C:\WINDOWS\System32\lphc3n1j0el1l.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\System32\mwsrvacc.exe /run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [A00FE758AB.exe] C:\DOCUME~1\karine\LOCALS~1\Temp\_A00FE758AB.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [Instant Access] C:\WINDOWS\System32\mwsrvacc.exe /run (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [A00FE758AB.exe] C:\DOCUME~1\karine\LOCALS~1\Temp\_A00FE758AB.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22e8c0611f93793e7817/netzip/RdxIE601_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} (Ulysse Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Penelope.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {90D610E8-F6D0-4AD4-93CE-178A46F8C412} (Hamlet Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Ophelie.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B476485-F721-4F0F-B914-9007A3DE588E}: NameServer = 85.255.114.58,85.255.112.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\WINDOWS\System32\bacp.dll
O18 - Filter: text/plain - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\WINDOWS\System32\bacp.dll
O20 - Winlogon Notify: cbXPgDWm - cbXPgDWm.dll (file missing)
O20 - Winlogon Notify: ojamynen - C:\WINDOWS\SYSTEM32\ojamynen.dll
O20 - Winlogon Notify: __c00B1224 - C:\WINDOWS\system32\__c00B1224.dat (file missing)
O21 - SSODL: KfJNdYrMuJyfWB - {A80A8161-02A0-2BCB-6576-E3929D9B4382} - C:\WINDOWS\System32\mpps.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16440 bytes
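As an added example that is not part of the thread, the following Python script applies the checks a helper does by eye on a HijackThis log like the one above: autoruns launched from a Temp directory (O4), a broken LSP chain (O10), Trusted Zone additions (O15), changed DNS resolvers (O17), a MIME filter hijack (O18), non-default Winlogon Notify DLLs (O20) and leftover registrations that point at missing files. The sample lines are copied from this log; the set of expected DNS resolvers is a constructed assumption that would be replaced by the ISP's or LAN's real resolvers.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: lines copied from the HijackThis log above (one long
# command-line parameter dropped), plus benign entries, so the triage runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {56F5E613-1238-4389-8FD9-628E6AFFA9AD} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inrhc7n1j0el1l] C:\WINDOWS\Temp\.ttE.tmp.exe
O4 - HKCU\..\Run: [A00FE758AB.exe] C:\DOCUME~1\karine\LOCALS~1\Temp\_A00FE758AB.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O18 - Filter hijack: text/html - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\WINDOWS\System32\bacp.dll
O20 - Winlogon Notify: ojamynen - C:\WINDOWS\SYSTEM32\ojamynen.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption (constructed): the resolvers this machine is expected to use.
EXPECTED_DNS = {"192.168.1.1"}


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O17"
    severity: str  # "high": act on it; "review": confirm with the user first
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
MISSING_RE = re.compile(r"\(file missing\)|\(no file\)")


def dns_servers(body):
    """Return the resolver IPs named in an O17 body (space- or comma-separated)."""
    _, _, value = body.partition("NameServer =")
    servers = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            servers.append(str(ip_address(token)))
        except ValueError:
            continue  # empty token or not an address: ignore
    return servers


def triage_line(line):
    """Classify one HijackThis line; returns a Finding, or None when nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O4" and TEMP_DIR_RE.search(body):
        return Finding(sec, "high", "autorun launches a binary from a temporary directory", line)
    if sec == "O10":
        return Finding(sec, "high", "Winsock LSP chain references a missing provider DLL", line)
    if sec == "O15":
        return Finding(sec, "review", "domain added to the IE Trusted Zone (relaxed security for that site)", line)
    if sec == "O17":
        rogue = [ip for ip in dns_servers(body) if ip not in EXPECTED_DNS]
        if rogue:
            return Finding(sec, "high", "DNS resolvers changed to unexpected servers: " + ", ".join(rogue), line)
    if sec == "O18" and "hijack" in body.lower():
        return Finding(sec, "high", "MIME filter hijack: a DLL intercepts web content before IE renders it", line)
    if sec == "O20":
        return Finding(sec, "high", "non-default Winlogon Notify DLL is loaded at every logon", line)
    if sec in ("O2", "O3", "O9") and MISSING_RE.search(body):
        return Finding(sec, "review", "registration points at a file that no longer exists (leftover to clean up)", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep the findings, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per severity, e.g. {'high': 6, 'review': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The heuristics only rank what needs a human decision; a Trusted Zone entry or a missing-file BHO is cleaned up after confirming with the user, while a changed resolver or a Temp-directory autorun is acted on first.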

On 9-10-2008 at 23:34 #

Wow, you really are infected, so the procedure is a bit long, and we'll redo Malwarebyte's to get the report:

Download Malwarebyte's Anti-Malware to the desktop

=> double-click mbam-setup to start the installation
=> Simply install without changing anything
=> Once the program is launched ==> Update tab, click => Check for updates
Scanner tab => tick Perform full scan
=> Click Scan
=> If necessary, untick the drives not to be scanned
=> Click Start scan
=> At the end of the scan, if an infection is found
==> Click Show results
=> Close your running applications
=> Check that everything is ticked and click Remove selected

=> a report opens; copy it and paste it into your reply

+

Download Combofix and save it to the desktop

=> Disable the antivirus
=> Double-click Combofix
=> Press 1 when asked
=> Wait for the tool to close (5 to 10 min)
=> Copy/paste the report into your reply
=> A report in C:\Combofix.txt, to put in your reply
=> Delete Qoobox in C:\

----------------

Restart the PC, then:

Download Fixwareout.exe
=> Install
=> a DOS window opens ==> press any key
=> A message in English (asking to restart the PC) ==> Click OK (or Yes)
Note: the restart is fairly long (you have to click OK several times)
=> Copy and paste the report into your reply (C:\fixwareout\report.txt)
=> delete Fixwareout from the desktop
And in C:\ ==> Fixwareout and dnsback

=> restart the PC

------------

Uninstall Avast, which really didn't do its job here, and install Antivir, update it, run a scan with it and post the report

-------

Run a HijackThis scan to get rid of the last infections

(Edited by Ichigo11 on 09-10-2008 at 23:35)

(Edited by Ichigo11 on 09-10-2008 at 23:36)

On 10-10-2008 at 13:02 #

Hello again, thank you very much for replying so quickly.
I ran Malwarebyte's as you told me, but I don't know where the report is, because the computer shut down and then restarted; then I ran Combofix, here is the report.
As for Malwarebytes, it had found 39 infections which I removed, but it couldn't remove everything, and Combofix was looking for the "whisher" folder (not sure of the spelling, as I didn't have time to note it down).
I'll continue as you told me and I'll send you the other report afterwards. Thanks for your help.
ComboFix 08-10-09.06 - karine 2008-10-10 9:59:04.1 - NTFSx86

Lancé depuis: C:\Documents and Settings\karine\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\Reset Cursor.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\Seekmo Customer Support Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\Seekmo Uninstall Instructions.lnk
C:\Documents and Settings\guitarine\Application Data\Hotbar
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383356.sdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385502.sdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387545.sdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\316149.sdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\3268.dat
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\244883
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34513
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44228
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52968
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\57973
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59283
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\703600
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705021
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705060
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705142
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705150
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80193
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97507
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\3268.dat
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtone.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\guitarine\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\karine\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\karine\ResErrors.log
C:\Program Files\SoftwareOnline
C:\Program Files\SoftwareOnline\soproc.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\AGilmUvw.ini
C:\WINDOWS\system32\AGilmUvw.ini2
C:\WINDOWS\system32\BeMSCfii.ini
C:\WINDOWS\system32\BeMSCfii.ini2
C:\WINDOWS\system32\bgjmsiht.ini
C:\WINDOWS\system32\blphc3n1j0el1l.scr
C:\WINDOWS\system32\bnyocxrf.ini
C:\WINDOWS\system32\caxnqdmi.ini
C:\WINDOWS\system32\ccjtxwyk.ini
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res3\WhiteList.dbs
C:\WINDOWS\system32\cyosabhm.ini
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\dwsshref.ini
C:\WINDOWS\system32\dwsshref.ini2
C:\WINDOWS\system32\dwsshref.tmp
C:\WINDOWS\system32\efbqevsi.ini
C:\WINDOWS\system32\fujijarp.ini
C:\WINDOWS\system32\hwnuwvpd.ini
C:\WINDOWS\system32\iipguody.ini
C:\WINDOWS\system32\ikpqyqib.ini
C:\WINDOWS\system32\kffixgxw.ini
C:\WINDOWS\system32\klnnvkos.ini
C:\WINDOWS\system32\lbvmlhtk.ini
C:\WINDOWS\system32\lphc3n1j0el1l.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nosbhuol.ini
C:\WINDOWS\system32\nrwbgfqy.ini
C:\WINDOWS\system32\nwfhmdvh.ini
C:\WINDOWS\system32\oawmyitf.ini
C:\WINDOWS\system32\ojamynen.dll
C:\WINDOWS\system32\oqgkrtbi.ini
C:\WINDOWS\system32\oubiouki.ini
C:\WINDOWS\system32\phc3n1j0el1l.bmp
C:\WINDOWS\system32\qgrwybbd.ini
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qsjjwshc.ini
C:\WINDOWS\system32\qsxdrxrr.ini
C:\WINDOWS\system32\rqtsdelb.ini
C:\WINDOWS\system32\tgmtevmm.ini
C:\WINDOWS\system32\tgvbqhmk.ini
C:\WINDOWS\system32\tqmujbnf.ini
C:\WINDOWS\system32\tqugyjud.ini
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ukkyqsie.ini
C:\WINDOWS\system32\uncpicms.ini
C:\WINDOWS\system32\usdhnmad.ini
C:\WINDOWS\system32\vudvmuip.ini
C:\WINDOWS\system32\wmdysfla.ini
C:\WINDOWS\system32\wtghtrxc.ini
C:\WINDOWS\system32\xrfpuhnf.ini
C:\WINDOWS\system32\yvhueuql.ini
C:\xcrashdump.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.91.228.184
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP
-------\Legacy_ICF
-------\Legacy_TCPSR


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-10 au 2008-10-10 ))))))))))))))))))))))))))))))))))))
.

2008-10-10 10:09 . 2008-10-10 10:16 6,784 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-10-10 04:36 . 2008-10-10 04:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 04:36 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 04:36 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 22:22 . 2008-10-09 22:31 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-10-09 22:22 . 2008-10-09 22:22 <REP> d-------- C:\WINDOWS\Historique
2008-10-09 22:22 . 2008-10-09 22:26 <REP> d-------- C:\WINDOWS\Fichiers d'installation de Windows Update
2008-10-09 21:51 . 2008-10-09 21:51 <REP> d-------- C:\VundoFix Backups
2008-10-09 19:00 . 2008-10-09 19:00 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-09 12:52 . 2008-10-09 20:18 535,908,352 --a------ C:\WINDOWS\MEMORY.DMP
2008-10-09 11:59 . 2008-10-09 11:59 4,364,656 --a------ C:\upload_moi_PARAT-X7TFEBQEF.tar.gz
2008-10-09 11:20 . 2002-06-28 21:22 684,081 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-10-09 11:19 . 2002-06-28 21:22 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-10-09 11:18 . 2001-08-23 17:47 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-10-09 11:16 . 2008-10-09 22:31 <REP> d-------- C:\WINDOWS\LastGood
2008-10-09 11:11 . 2008-10-09 11:11 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-09 11:06 . 2001-08-17 20:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-08 19:24 . 2008-10-08 19:23 24,576 --a------ C:\WINDOWS\system32\msader15.dll
2008-10-08 19:16 . 2008-10-08 19:16 910,336 --a------ C:\WINDOWS\system32\msoeres.dll
2008-10-08 19:13 . 2008-10-08 19:14 3,961,072 --a------ C:\WINDOWS\system32\WindowsXP-KB894391-ia64-ENU.exe
2008-10-08 19:00 . 2008-10-08 19:00 910,336 --a------ C:\WINDOWS\system32\msoeres.dll.dap
2008-10-08 18:02 . 2008-10-08 18:02 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-08 17:56 . 2002-06-28 21:20 256,512 --a------ C:\WINDOWS\system32\mstask.dll
2008-10-08 17:56 . 2002-06-28 21:20 256,512 --a--c--- C:\WINDOWS\system32\dllcache\mstask.dll
2008-10-08 17:56 . 2002-06-28 21:20 160,768 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-10-08 17:56 . 2002-06-28 21:20 160,768 --a--c--- C:\WINDOWS\system32\dllcache\schedsvc.dll
2008-10-08 17:56 . 2002-06-28 21:00 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2008-10-08 17:56 . 2002-06-28 21:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwphbk.dll
2008-10-08 17:56 . 2002-06-28 21:20 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2008-10-08 17:56 . 2002-06-28 21:20 9,728 --a--c--- C:\WINDOWS\system32\dllcache\mstinit.exe
2008-10-08 17:55 . 2002-06-28 21:00 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2008-10-08 17:55 . 2002-06-28 21:00 274,432 --a--c--- C:\WINDOWS\system32\dllcache\inetcfg.dll
2008-10-08 17:55 . 2002-06-28 21:01 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2008-10-08 17:55 . 2002-06-28 21:01 81,920 --a--c--- C:\WINDOWS\system32\dllcache\isign32.dll
2008-10-08 17:55 . 2002-06-28 21:00 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2008-10-08 17:55 . 2002-06-28 21:00 69,632 --a--c--- C:\WINDOWS\system32\dllcache\icwdial.dll
2008-10-08 17:54 . 2002-06-28 21:14 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-10-08 17:54 . 2002-06-28 21:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2008-10-08 17:53 . 2002-06-28 21:00 159,744 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-10-08 17:53 . 2002-06-28 21:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-10-08 17:53 . 2002-06-28 21:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-10-08 17:53 . 2002-06-28 21:00 57,344 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2008-10-08 17:53 . 2002-06-28 21:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2008-10-08 17:52 . 2002-06-28 20:58 557,128 --a--c--- C:\WINDOWS\system32\dllcache\dao360.dll
2008-10-08 17:52 . 2002-06-28 21:00 213,504 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-10-08 17:52 . 2002-06-28 21:11 213,075 --a--c--- C:\WINDOWS\system32\dllcache\sqlxmlx.dll
2008-10-08 17:51 . 2002-06-28 21:06 413,696 --a--c--- C:\WINDOWS\system32\dllcache\oledb32.dll
2008-10-08 17:51 . 2002-06-28 21:03 188,416 --a--c--- C:\WINDOWS\system32\dllcache\msdaps.dll
2008-10-08 17:51 . 2002-06-28 21:03 86,016 --a--c--- C:\WINDOWS\system32\dllcache\msdatl3.dll
2008-10-08 17:51 . 2002-06-28 21:06 77,824 --a--c--- C:\WINDOWS\system32\dllcache\oledb32r.dll
2008-10-08 17:51 . 2002-06-28 21:03 73,728 --a--c--- C:\WINDOWS\system32\dllcache\msdaosp.dll
2008-10-08 17:51 . 2002-06-28 21:04 24,576 --a--c--- C:\WINDOWS\system32\dllcache\msxactps.dll
2008-10-08 17:50 . 2002-06-28 21:03 303,104 --a--c--- C:\WINDOWS\system32\dllcache\msdasql.dll
2008-10-08 17:50 . 2002-06-28 21:03 221,184 --a--c--- C:\WINDOWS\system32\dllcache\msdaora.dll
2008-10-08 17:50 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdatt.dll
2008-10-08 17:50 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdasqlr.dll
2008-10-08 17:50 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdaorar.dll
2008-10-08 17:50 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdaurl.dll
2008-10-08 17:50 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdasc.dll
2008-10-08 17:50 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdaer.dll
2008-10-08 17:49 . 2002-06-28 21:03 81,920 --a--c--- C:\WINDOWS\system32\dllcache\msado26.tlb
2008-10-08 17:49 . 2002-06-28 21:03 81,920 --a--c--- C:\WINDOWS\system32\dllcache\msado25.tlb
2008-10-08 17:49 . 2002-06-28 21:03 53,248 --a--c--- C:\WINDOWS\system32\dllcache\msadrh15.dll
2008-10-08 17:49 . 2002-06-28 21:03 49,152 --a--c--- C:\WINDOWS\system32\dllcache\msador15.dll
2008-10-08 17:49 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdaenum.dll
2008-10-08 17:49 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdadc.dll
2008-10-08 17:48 . 2002-06-28 21:03 61,440 --a--c--- C:\WINDOWS\system32\dllcache\msado21.tlb
2008-10-08 17:48 . 2002-06-28 21:03 61,440 --a--c--- C:\WINDOWS\system32\dllcache\msado20.tlb
2008-10-08 17:48 . 2002-06-28 21:03 28,672 --a--c--- C:\WINDOWS\system32\dllcache\msader15.dll
2008-10-08 17:47 . 2002-06-28 21:03 180,224 --a--c--- C:\WINDOWS\system32\dllcache\msdaprst.dll
2008-10-08 17:47 . 2002-06-28 21:03 110,592 --a--c--- C:\WINDOWS\system32\dllcache\msdarem.dll
2008-10-08 17:47 . 2002-06-28 21:03 32,768 --a--c--- C:\WINDOWS\system32\dllcache\msdfmap.dll
2008-10-08 17:47 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdaremr.dll
2008-10-08 17:46 . 2002-06-28 21:03 147,456 --a--c--- C:\WINDOWS\system32\dllcache\msadds.dll
2008-10-08 17:46 . 2002-06-28 21:03 57,344 --a--c--- C:\WINDOWS\system32\dllcache\msadcf.dll
2008-10-08 17:46 . 2002-06-28 21:03 53,248 --a--c--- C:\WINDOWS\system32\dllcache\msadcs.dll
2008-10-08 17:46 . 2002-06-28 21:03 24,576 --a--c--- C:\WINDOWS\system32\dllcache\msaddsr.dll
2008-10-08 17:46 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdaprsr.dll
2008-10-08 17:46 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msadcor.dll
2008-10-08 17:46 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msadcfr.dll
2008-10-08 17:45 . 2002-06-28 21:03 307,200 --a--c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-08 17:45 . 2002-06-28 21:03 20,480 --a--c--- C:\WINDOWS\system32\dllcache\msadcer.dll
2008-10-08 17:44 . 2002-06-28 21:00 36,352 --a--c--- C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-10-08 17:43 . 2002-06-28 21:00 91,136 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-08 17:38 . 2001-08-17 21:50 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-10-08 17:38 . 2002-06-28 20:58 180,736 --a--c--- C:\WINDOWS\system32\dllcache\cmprops.dll
2008-10-08 17:38 . 2002-06-28 20:58 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
2008-10-08 17:36 . 2001-08-17 21:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-10-08 17:35 . 2001-10-03 08:12 56,960 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-08 17:34 . 2001-08-18 06:38 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-10-08 17:32 . 2002-06-28 21:08 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2008-10-08 17:32 . 2002-06-28 21:08 151,552 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl
2008-10-08 17:31 . 2002-06-28 21:06 1,085,938 -ra------ C:\WINDOWS\SETB9.tmp
2008-10-08 17:31 . 2002-06-28 21:20 192,116 -ra------ C:\WINDOWS\SETE7.tmp
2008-10-08 17:31 . 2002-06-28 21:17 132,096 --a------ C:\WINDOWS\system\WINSPOOL.DRV
2008-10-08 17:31 . 2001-08-23 17:47 72,704 --a------ C:\WINDOWS\system32\storprop.dll
2008-10-08 17:31 . 2002-06-28 21:00 13,923 -ra------ C:\WINDOWS\SETC5.tmp
2008-10-08 17:31 . 2002-06-28 21:01 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-10-08 17:31 . 2002-06-28 21:01 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2008-10-08 17:31 . 2002-06-28 21:20 7,046 -ra------ C:\WINDOWS\SETD7.tmp
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-08 01:51 . 2005-04-22 15:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-08 01:51 . 2005-04-22 16:13 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-08 01:51 . 2006-06-17 17:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-08 01:51 . 2008-10-08 01:51 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-04 23:57 . 2008-10-04 23:57 <REP> d-------- C:\Documents and Settings\karine\Application Data\Mostick
2008-10-04 20:15 . 2008-10-10 10:16 32,256 --a------ C:\WINDOWS\system32\drivers\ati6ejxx.sys
2008-09-24 17:00 . 2008-09-24 17:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 17:00 . 2008-09-24 17:00 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 08:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 20:36 12,800 ----a-w C:\WINDOWS\system32\svchost.exe.tmp
2008-10-09 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-06 20:59 --------- d-----w C:\Documents and Settings\karine\Application Data\LimeWire
2008-10-05 14:20 --------- d-----w C:\Program Files\Masta
2008-10-04 21:50 --------- d-----w C:\Program Files\eMule
2008-06-20 13:47 42,192 ----a-w C:\Documents and Settings\karine\Application Data\GDIPFONTCACHEV1.DAT
2008-01-26 01:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-09-04 15:53 17,536 ----a-w C:\Documents and Settings\guitarine\Application Data\GDIPFONTCACHEV1.DAT
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

------- Sigcheck -------

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-06-28 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-23 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2002-06-28 208949]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2007-06-30 3364616]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 607232]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-06-28 147968]
"inrhc7n1j0el1l"="C:\WINDOWS\Temp\.ttC.tmp.exe" [2008-10-10 1604883]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-06-28 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" [2007-09-13 335872]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe" [2006-11-09 190072]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-12 593920]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KfJNdYrMuJyfWB"= {A80A8161-02A0-2BCB-6576-E3929D9B4382} - C:\WINDOWS\System32\mpps.dll [2002-06-28 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6ejxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
--a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a8bc93-9258-11dd-a9e2-00c0a88eafed}]
\Shell\AutoRun\command - E:\start.exe
\Shell\iledefrance\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86800aa7-946f-11db-a8e0-00c0a88eafed}]
\Shell\AutoRun\command - 6x8be16.cmd
\Shell\explore\Command - 6x8be16.cmd
\Shell\open\Command - 6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece03036-acaf-11db-a8ec-00c0a88eafed}]
\Shell\AutoRun\command - E:\8ng8w.com
\Shell\explore\Command - E:\8ng8w.com
\Shell\open\Command - E:\8ng8w.com
.
Contenu du dossier 'Tâches planifiées'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{56F5E613-1238-4389-8FD9-628E6AFFA9AD} - C:\WINDOWS\system32\ssqpq.dll
BHO-{852990B5-0FF8-4080-AABF-D9206CE44A93} - C:\WINDOWS\system32\wvUmliGA.dll
BHO-{C7E59FAB-27B9-4782-9B37-878545669780} - C:\WINDOWS\System32\bacp.dll
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-WINSOS VERIFY - C:\Program Files\Winsos\WINSOS.EXE
HKLM-Run-MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-lphc3n1j0el1l - C:\WINDOWS\System32\lphc3n1j0el1l.exe
Notify-cbXPgDWm - cbXPgDWm.dll
Notify-ojamynen - ojamynen.dll
MSConfigStartUp-a80a81cf - C:\WINDOWS\system32\chswjjsq.dll
MSConfigStartUp-BMab39b253 - C:\WINDOWS\system32\bmwwrspf.dll
MSConfigStartUp-Killer - C:\PROGRA~1\Killer.MAX\KILLER~1.EXE
MSConfigStartUp-lphc3n1j0el1l - C:\WINDOWS\System32\lphc3n1j0el1l.exe
MSConfigStartUp-s9201 - C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
MSConfigStartUp-{4cdaf63f-adfd-ffa0-9488-dc33cabeabed} - C:\WINDOWS\system32\lcfoepnonqv.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Fichiers communs\mpDRM\NPMPDRM.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 10:18:37
Windows 5.1.2600 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\WINDOWS\system32\svchost.exe.tmp:ext.exe 25088 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\Temp\xew5.tmp
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\Temp\.ttC.tmp
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-10 10:32:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-10 08:31:17

Avant-CF: 9 673 146 368 octets libres
Après-CF: 10,385,186,816 octets libres

501 --- E O F --- 2008-03-28 02:08:04



Added on 10-10-2008 at 13:07:

Ouch, I'm trying to delete ComboFix as you told me, but it refuses: it tells me it can't because of lphc3n1joel1l.exe, and that file is precisely the image of the antispyware virus that I keep removing and that keeps coming back. What should I do, please? THANK YOU


Added on 10-10-2008 at 13:17:

Sorry, I forgot something: the first few times, the image of this virus (white background with a red antispyware logo) was named phc3n1joel1l, so I don't know whether it's a component of the real exe or whether the virus changed its name to pass itself off as an .exe program. That's it, thanks.

Added on 10-10-2008 at 14:12:

Here is my Fixwareout report, with a lot of trouble getting the computer to start again: I had to power it off by hand and start over 4 times before it would let me into my session normally.
Username "karine" - 01/08/2008 2:19:28 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdcrh.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.58 85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{30EDD2DC-7C11-488D-BED8-2B28A593F60D}
"nameserver"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4BFA4E8A-91FB-423E-A67B-745C5953E612}
"nameserver"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{72070C69-4D10-4DD6-B70F-16B8ABE4CEA0}
"nameserver"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{30EDD2DC-7C11-488D-BED8-2B28A593F60D}
"DhcpNameServer"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4BFA4E8A-91FB-423E-A67B-745C5953E612}
"DhcpNameServer"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{72070C69-4D10-4DD6-B70F-16B8ABE4CEA0}
"DhcpNameServer"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BC37D284-7754-44A6-8DB5-B6A1B2937483}
"DhcpNameServer"="85.255.114.58,85.255.112.222" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdcrh.ren 82432 13/06/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Killer.MAX"="C:\\PROGRA~1\\Killer.MAX\\KILLER~1.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"SpeedOptimizer"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"ioCentre"="C:\\Genius\\ioCentre\\gTaskBar.exe"
"SeekmoOE"="C:\\Program Files\\Seekmo\\bin\\10.0.406.0\\OEAddOn.exe"
"SeekmoSA"="\"C:\\Program Files\\Seekmo\\bin\\10.0.406.0\\SeekmoSA.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"bm"="\"C:\\Program Files\\Fichiers communs\\WinSecureAv\\bm.exe\" dm=http://winsecureav.com ad=http://winsecureav.com sd=http://ykeeper.winsecureav.com"
"ptask"="C:\\Program Files\\WinSecureAv\\ptask.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"ckoig"="c:\\windows\\system32\\ckoig.exe ckoig"
"SearchSettings"="C:\\Program Files\\Search Settings\\SearchSettings.exe"
"{4cdaf63f-adfd-ffa0-9488-dc33cabeabed}"="C:\\WINDOWS\\System32\\Rundll32.exe \"C:\\WINDOWS\\system32\\lcfoepnonqv.dll\" DllStart"
"a80a81cf"="rundll32.exe \"C:\\WINDOWS\\system32\\chswjjsq.dll\",b"
"BMab39b253"="Rundll32.exe \"C:\\WINDOWS\\system32\\bmwwrspf.dll\",s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Instant Access"="C:\\WINDOWS\\System32\\mwsrvacc.exe /run"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"A00FE758AB.exe"="C:\\DOCUME~1\\karine\\LOCALS~1\\Temp\\_A00FE758AB.exe"
"AdobeUpdater"="C:\\Program Files\\Fichiers communs\\Adobe\\Updater5\\AdobeUpdater.exe"
"WINSOS VERIFY"="\"C:\\Program Files\\Winsos\\WINSOS.EXE\" MINI"
"s9201"="\"C:\\Documents and Settings\\All Users\\Application Data\\SecuriSoft SARL\\WinSpywareProtect\\wspwprtct.exe\" /autorun"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Thanks, I'll wait for your answer whenever you can, thank you very much

On 10-10-2008 at 17:57 #

OK, for Malwarebytes: launch it, go to the log/report tab and double-click the one with the date you ran it, then copy and paste the report.

(Edited by Ichigo11 on 10-10-2008 at 17:58)

On 10-10-2008 at 19:29 #

Here is my report
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1248
Windows 5.1.2600

2008-10-10 19:01:44
mbam-log-2008-10-10 (19-01-36).txt

Type de recherche: Examen rapide
Eléments examinés: 50767
Temps écoulé: 11 minute(s), 9 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7n1j0el1l (Rogue.AntivirusXP2008) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\.tt9.tmp.exe (Rogue.AntivirusXP2008) -> No action taken.
C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt6.tmp.vbs (Trojan.FakeAlert) -> No action taken.

On 10-10-2008 at 19:33 #

There are still infections, and what's more they were not removed, so follow the next procedure to the letter; otherwise there's no point in my giving you procedures:

=> Launch Malwarebytes' ==> Update tab, click => Check for Updates
Scanner tab => tick Perform full scan
=> Click Scan
=> Optionally untick the drives you don't want scanned
=> Click Start Scan
=> At the end of the scan, if an infection is found
==> Click Show Results
=> Close your running applications
=> Check that everything is ticked and click Remove Selected

=> A report opens; copy it and paste it in your reply
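An added example (not from the thread and not Malwarebytes' own code) that parses an MBAM 1.28 French-locale log of the kind posted above and reports which detections were actually removed, which is the check the helper applies before asking for a full scan. Both sample logs are constructed from the format of the reports in this thread.

```python
"""Parse a Malwarebytes' Anti-Malware 1.28 log (French locale, as posted in this
thread) and report which detections were actually removed.

Added example, not part of the thread and not Malwarebytes' own code. The two
sample logs are constructed from the format of the reports posted above."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: quick scan where "Remove Selected" was never clicked.
QUICK_SCAN_LOG = r"""Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1248

Type de recherche: Examen rapide

Processus mémoire infecté(s): 1
Valeur(s) du Registre infectée(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7n1j0el1l (Rogue.AntivirusXP2008) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\Temp\.tt9.tmp.exe (Rogue.AntivirusXP2008) -> No action taken.
C:\WINDOWS\system32\ojamynen.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

# Constructed sample: full scan with everything removed.
FULL_SCAN_LOG = r"""Malwarebytes' Anti-Malware 1.28
Type de recherche: Examen complet (C:\|)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\tcpsr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Outcome strings MBAM 1.28 writes after "->" (English even in the French build).
NO_ACTION = "No action taken."
PENDING_REBOOT = "Delete on reboot."

# item (Family) -> [Bad: (x) Good: (y) ->] outcome
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    family: str
    action: str


def parse_mbam_log(text):
    """Return (scan_type, [Detection, ...]) for one MBAM 1.28 report."""
    scan_type, section, found = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(Aucun"):
            continue
        if line.startswith("Type de recherche:"):
            scan_type = line.split(":", 1)[1].strip()
        elif line.endswith(":") and " -> " not in line:
            section = line[:-1]  # e.g. "Fichier(s) infecté(s):" opens a list
        else:
            m = DETECTION_RE.match(line)
            if section and m:
                action = m.group("rest").split(" -> ")[-1]  # last arrow = outcome
                found.append(Detection(section, m.group("item"), m.group("family"), action))
    return scan_type, found


def assess(text):
    """Summarise a report the way the helper in this thread reads it."""
    scan_type, found = parse_mbam_log(text)
    return {
        "scan_type": scan_type,
        "full_scan": bool(scan_type) and scan_type.startswith("Examen complet"),
        "total": len(found),
        "families": Counter(d.family for d in found),
        "unresolved": [d.item for d in found if d.action == NO_ACTION],
        "pending_reboot": [d.item for d in found if d.action == PENDING_REBOOT],
    }


def needs_full_rescan(text):
    """True when the helper's advice applies: items were left unremoved, or only
    a quick scan was run. 'Delete on reboot' items still need the reboot."""
    r = assess(text)
    return bool(r["unresolved"]) or not r["full_scan"]


if __name__ == "__main__":
    for name, log in (("quick scan", QUICK_SCAN_LOG), ("full scan", FULL_SCAN_LOG)):
        r = assess(log)
        print(f"{name}: {r['total']} detections, {len(r['unresolved'])} not removed, "
              f"{len(r['pending_reboot'])} pending reboot, rescan={needs_full_rescan(log)}")
```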

On 11-10-2008 at 01:33 #

I did everything to the letter as you told me; the computer crashed twice with the virus. Here is the Malwarebytes report
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1251
Windows 5.1.2600

2008-10-11 01:19:13
mbam-log-2008-10-11 (01-19-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 117107
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 65

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\Temp\.ttF.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ojamynen (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7n1j0el1l (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3n1j0el1l (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojamynen.dll.vir (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447533.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447552.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447622.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448623.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448624.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448625.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451690.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453765.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448689.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448691.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449689.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449690.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450689.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450690.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450691.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451689.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452689.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452690.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452691.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452728.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452746.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452765.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453764.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454767.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454768.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454876.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454877.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454878.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455809.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455810.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455816.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455817.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456809.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456816.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456817.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457815.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457816.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458816.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458817.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459815.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459816.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458809.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ojamynen.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tcpsr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttF.tmp.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3n1j0el1l.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3n1j0el1l.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\karine\Local Settings\temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\karine\Local Settings\temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttA.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\karine\Local Settings\temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot.


Added on 11-10-2008 at 01:36:

I also made you a Trend HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:27, on 2008-10-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-688789844-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: text/plain - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\WINDOWS\System32\bacp.dll
O21 - SSODL: KfJNdYrMuJyfWB - {A80A8161-02A0-2BCB-6576-E3929D9B4382} - C:\WINDOWS\System32\mpps.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 12334 bytes


Added on 11-10-2008 at 01:58:

I don't understand anything about this virus, please come and help me, thank you

On 11-10-2008 at 13:27 #

OK, there are still some infections left, we're going to clean them up:

=> Launch hijackthis.exe
=> Do a system scan only
=> Tick the following lines:
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O9 - Extra button: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O18 - Filter: text/plain - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\WINDOWS\System32\bacp.dll
O21 - SSODL: KfJNdYrMuJyfWB - {A80A8161-02A0-2BCB-6576-E3929D9B4382} - C:\WINDOWS\System32\mpps.dll

=> Fix checked
=> Yes

+

Download OTMoveIt2.exe to the desktop
=> Copy this text in bold

C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\
C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe
C:\Program Files\Fichiers communs\Real\
C:\WINDOWS\System32\bacp.dll
C:\WINDOWS\System32\mpps.dll


=> Double-click OTMoveIt.exe
=> In the left-hand pane ==> right-click ==> paste
=> Click MoveIt!
=> if a restart is requested ==> Click: YES
=> A report in ==> C:\_OTMoveIt\MovedFiles\today's date, to copy/paste into your reply

+

Uninstall avast and install antivir

Run a scan with it and post the report; antivir tutorial
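The reply above picks out the O15 Trusted Zone, O18 MIME filter, O21 SSODL and "(no file)" entries by eye. As an added example (not code from the forum or from HijackThis), the script below applies the same triage rules to a constructed subset of the log posted earlier; the allowlist of zones the owner really uses and the random-name heuristic are assumptions for the demo, and entries such as the O4 SearchSettings line still need a human look.

```python
import re

# Constructed sample: a subset of the HijackThis lines from the log posted above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SearchSettings] C:\\Program Files\\Search Settings\\SearchSettings.exe
O9 - Extra button: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Filter: text/plain - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\\WINDOWS\\System32\\bacp.dll
O21 - SSODL: KfJNdYrMuJyfWB - {A80A8161-02A0-2BCB-6576-E3929D9B4382} - C:\\WINDOWS\\System32\\mpps.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

# Hypothetical allowlist: zones the machine's owner actually uses (the helper left these alone).
KNOWN_GOOD_ZONES = {"canalplay.com", "canalplusactive.com"}

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
ZONE_RE = re.compile(r"Trusted Zone: (?:\*\.|https?://)?(?P<host>\S+)")
SSODL_RE = re.compile(r"SSODL: (?P<name>\S+) - ")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a long alphabetic name with capitals scattered past the first letter."""
    inner_caps = sum(1 for c in name[1:] if c.isupper())
    return name.isalpha() and len(name) >= 10 and inner_caps >= 3


def triage(log_text: str, known_good=KNOWN_GOOD_ZONES):
    """Return (section, reason, line) for each HijackThis line worth ticking for 'Fix checked'."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if "(no file)" in body:
            findings.append((section, "orphan entry, target file missing", line))
        elif section == "O15":
            host = ZONE_RE.search(body).group("host")
            if host not in known_good:
                findings.append((section, f"unrecognised Trusted Zone host {host}", line))
        elif section == "O18" and body.startswith("Filter: text/"):
            findings.append((section, "MIME filter on text content (page hijack)", line))
        elif section == "O21":
            name = SSODL_RE.search(body).group("name")
            if looks_random(name):
                findings.append((section, f"SSODL entry with random-looking name {name}", line))
    return findings
```

Running `triage(SAMPLE_LOG)` flags the O9 orphan, the two rogue O15 zones, the O18 text/plain filter and the O21 SSODL entry, which matches the list the helper asked to tick.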