Pc infecté avec pubs cid [Résolu]

svp moi ossi chui dans le meme merdier

salem telecharge zone alarme et Nod32 et tu doit faire la mise a jour

Bonsoir

belbel : merci de créer ton propre poste ! ;-)

Télécharge ceci :

Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:47, on 21/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\USRobotics\Wireless USB Manager\USR54G.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: USRobotics Wireless USB Adapter.lnk = ?
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

ahmedmrissa , je ne peux pas télécharger "zone alarm" est ce que tu peux dire pourquoi svp ?

c bon c bon c fai

bonjour green day ça ne fait pas longtemps que je suis internaute est ce que tu peux m'expliquer qu'est ce qu'un "hijack" s'il te plait merci

Télécharge ceci :

Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

++

freen day quand je clique sur telecharger il y a comme une disquette avec une fleche verte et elle m'empeche de telechager

??

c'est pourtant cette icone qui te permet de télécharger ?!

un message d'erreur ??


++

non ça y est j' ai reussi mais il est en anglais

green day je t'envoie un rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:37, on 21/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\VM305_STI.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\eMule\emule.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DEBUGNURB] "C:\ProgramData\logopenopen.ch42v"
O4 - HKCU\..\Run: [Kind Mess Surf Settings] "C:\ProgramData\deaf boob bin.8xwl9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

ok,

Télécharge ceci: (by Moe) :

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.


++

green day ton logiciel me dit version non supportée ça necesite windows xp et moi j'ai le vista familliale

oula ! c'est vrai ! :)

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp

++

ComboFix 08-01-20.1 - julien 2008-01-21 22:41:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.256 [GMT 1:00]
Running from: C:\Users\julien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M2VX1NN\ComboFix[1].exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Invit‚\Desktop\internetgamebox.lnk

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.

2008-01-21 22:38 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-21 22:26 . 2008-01-21 22:26 <REP> d-------- C:\Program Files\Lopxp
2008-01-21 22:17 . 2008-01-21 22:17 <REP> d-------- C:\Program Files\Trend Micro
2008-01-16 11:25 . 2008-01-21 10:35 <REP> d-------- C:\Program Files\Navilog1
2008-01-15 13:45 . 2008-01-15 13:45 <REP> d-------- C:\Windows\Google Toolbar
2008-01-15 11:55 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-15 11:28 . 2008-01-15 14:08 <REP> d-a------ C:\Users\All Users\TEMP
2008-01-15 11:28 . 2008-01-15 14:08 <REP> d-a------ C:\ProgramData\TEMP
2008-01-15 11:27 . 2008-01-15 14:06 <REP> d-------- C:\Users\All Users\Google
2008-01-15 11:27 . 2008-01-15 14:11 <REP> d-------- C:\Program Files\Google
2008-01-13 12:57 . 2008-01-14 13:12 <REP> d-------- C:\Users\julien\AppData\Roaming\Application Data
2008-01-13 12:57 . 2008-01-14 13:13 <REP> d-------- C:\Program Files\Spyware Terminator
2008-01-11 17:20 . 2008-01-13 12:40 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-11 17:20 . 2008-01-13 12:40 <REP> d-------- C:\ProgramData\Lavasoft
2008-01-11 16:21 . 2008-01-11 16:21 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-11 16:21 . 2008-01-11 16:21 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-11 16:21 . 2008-01-11 16:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-11 16:21 . 2008-01-11 16:21 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-11 16:21 . 2008-01-11 16:21 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-11 16:19 . 2008-01-11 16:19 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-11 16:19 . 2008-01-11 16:19 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-11 16:19 . 2008-01-11 16:19 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-11 16:19 . 2008-01-11 16:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-11 16:19 . 2008-01-11 16:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-11 16:19 . 2008-01-11 16:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-11 16:19 . 2008-01-11 16:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-11 16:19 . 2008-01-11 16:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-11 16:19 . 2008-01-11 16:19 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-11 16:18 . 2008-01-11 16:18 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-05 16:02 . 2008-01-05 16:02 <REP> d-------- C:\Users\julien\telechargement et videos

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 10:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-15 09:24 --------- d-----w C:\ProgramData\HECKMEALJUMP
2008-01-15 09:24 --------- d-----w C:\ProgramData\grey ante kind mess
2008-01-11 15:42 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-11 15:42 --------- d-----w C:\Program Files\Windows Mail
2008-01-11 15:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-11 15:19 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-11 15:19 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-11 15:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-28 17:36 --------- d-----w C:\ProgramData\Symantec
2007-12-28 17:36 --------- d-----w C:\Program Files\NewTech Infosystems
2007-12-28 17:36 --------- d-----w C:\Program Files\Common Files\NewTech Infosystems
2007-12-27 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 18:10 --------- d-----w C:\Program Files\LGGSM
2007-12-27 18:09 --------- d-----w C:\Program Files\Ulead Systems
2007-12-27 18:08 --------- d-----w C:\ProgramData\Ulead Systems
2007-12-20 20:23 --------- d-----w C:\ProgramData\NVIDIA
2007-12-19 11:17 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-18 17:04 --------- d-----w C:\Program Files\MSN Messenger
2007-12-18 17:04 --------- d-----w C:\Program Files\Circle Developement
2007-12-12 07:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 07:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 07:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 07:37 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 07:36 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 07:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 07:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 07:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 07:35 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 07:35 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 07:35 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 07:35 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 07:34 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 07:34 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 16:42 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 02:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-15 02:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-08-29 12:25 174 --sha-w C:\Program Files\desktop.ini
2007-08-02 14:55 2,922,848,256 ----a-w C:\Users\julien\Downloads.zip
2007-05-17 13:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-17 13:08 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-17 13:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 16:18 1232896]
"????r"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"DEBUGNURB"="C:\ProgramData\logopenopen.ch42v" [2008-01-15 10:23 385040]
"Kind Mess Surf Settings"="C:\ProgramData\deaf boob bin.8xwl9" [2008-01-15 10:24 380944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-09 17:41 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
"BigDog305"="C:\Windows\VM305_STI.exe" [2005-08-05 14:15 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 12:03 45056]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-14 14:18:59 528384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 12:22]
R3 vncdrv;vncdrv;C:\Windows\system32\DRIVERS\vncdrv.sys [2004-06-26 12:22]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 08:22]
R3 ZSMC0305;VIMICRO USB PC Camera V;C:\Windows\system32\Drivers\usbVM305.sys [2005-11-30 11:50]
R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2006-06-20 09:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:45:20
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 22:47:02
ComboFix-quarantined-files.txt 2008-01-21 21:46:55
.
2008-01-18 20:16:29 --- E O F ---

tu as reçu mon rapport green day

oui, je te donne la suite demain !

@+

ok merci a demain

Salut

Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :

File::

C:\ProgramData\logopenopen.ch42v
C:\ProgramData\deaf boob bin.8xwl9
C:\ProgramData\HECKMEALJUMP
C:\ProgramData\grey ante kind mess

Folder::

C:\Program Files\Circle Developement


registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DEBUGNURB"="-
"Kind Mess Surf Settings"="-

ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

@+