High-Tech Santé Médecine Droit-Finances

Grippe A

Que dois-je faire ?

Rechercher : dans
Par :

Trojan downloader.exe+ win32.samll.ddx+ autre

Dernière réponse le 30 mar 2008 à 12:35:35 rocksugar, le 27 mar 2008 à 15:05:25 
 Signaler ce message aux modérateurs

Bonjour,

J'aurais besoin d'aide afin d'éliminer:

trojan douwnloader. exe
win32.small.ddx
lucallbackproxy.exe
Vundo Virtumonde

J'ai scanner avec Spybot Serach & Destroy et AVG anti spyware 7.5

Le Spybot détecte des trucs, mais je n'arrive pas a faire fonctionner la touche «Fix the problems»

Pour le AVG, il est en gris et je n'arrive pas a le mettrea jour.

J'ai aussi le VundoFix....mais ça prend un éternité pour scanner.

Je lis les message depuis + de 18 heures sur ce site «Comment ça marche» ....Je suis vraiment découragé....je ne sas plus quoi tenter ou essayé....J'ai essayé plein de conseils...mais je n'y arrive pas.

Pourriez-vous me conseiller.

Merci

Configuration: Windows XP
Internet Explorer 7.0

Posez votre question Répondre

1

jlpjlp, le 27 mar 2008 à 15:25:04

Slt,


colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools­/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/d­emohijack.htm
http://leblogdeclaude.blogspot.com/2006/10/informatique-sect­ion-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
_______________________


Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

   
Répondre à jlpjlp

2

rocksugar, le 27 mar 2008 à 15:46:37

Bonjour jlpjlp,

Je suis très, très novice dans le domaine....

J'ai pris en note vos instructions, je tente de faire ce que vous m'avez indiquez et je reviens avec l'information.

Un grand merci de m'aider

   
Répondre à rocksugar

3

jlpjlp, le 27 mar 2008 à 15:54:15

Ok

   
Répondre à jlpjlp

4

rocksugar, le 27 mar 2008 à 16:19:44

Re-Bonjour jlpjlp,

Je viens d'aller sur le site pour downloader leprograme pour vous donner un rapport Hijackthis...mais c'est impossible mon système, ne veux pas...

Que puis-je faire ?

   
Répondre à rocksugar

5

rocksugar, le 27 mar 2008 à 16:26:17

Re-Bonjour jlpjlp, j'ai réussi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:15, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\tmp1.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\tmp2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\tmp3.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: KernelRunOnce - {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll
O21 - SSODL: zip - {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 14740 bytes

Que faire maintenant ?

merci

   
Répondre à rocksugar

6

jlpjlp, le 27 mar 2008 à 16:49:21

Télécharge BTFix de Bibi26
http://www.bibi26.power-heberg.com/logiciels/BTFix.zip
Dézippe l'archive sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.


__________________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

   
Répondre à jlpjlp

7

rocksugar, le 27 mar 2008 à 17:09:49

Bonjour jlpjlp,

Voici le rapport avec le combofix

ComboFix 08-03-26.1 - robert 2008-03-27 11:40:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.298 [GMT -4:00]
Running from: C:\Documents and Settings\robert\Desktop\Killbeagle.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.
TimedOut: progfile.dat
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"
Findstr -MIF:/ sursen
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\qvdntlmw.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-27 11:28 . 2008-03-27 11:31 <DIR> d-------- C:\Hijackthis
2008-03-27 11:23 . 2008-03-27 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 08:17 . 2008-03-27 08:17 <DIR> d-------- C:\VundoFix Backups
2008-03-27 06:22 . 2008-03-27 06:22 110,592 --a------ C:\WINDOWS\system32\tmpmvkpy.exe
2008-03-26 20:54 . 2008-03-27 11:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 20:54 . 2008-03-27 11:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 18:28 . 2008-03-26 18:28 <DIR> d-------- C:\Documents and Settings\robert\Desktopvirii
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopTrojan.Win32.BlackBird.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopFWebdEditor.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfwebd.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfkwp2.0.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfkwp1.5.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\Desktopfilemanagerclient.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopEditorFKWP2.0.exe
2008-03-26 18:28 . 2008-03-26 18:28 4,096 --a------ C:\Documents and Settings\robert\DesktopEditorFKWP1.5.exe
2008-03-26 18:27 . 2008-03-26 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\lijqvgvy
2008-03-26 18:27 . 2008-03-26 18:27 98,304 --a------ C:\WINDOWS\system32\xqtepibi.exe
2008-03-26 18:26 . 2008-03-26 12:28 221,184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-26 18:26 . 2008-03-26 12:28 212,992 --a------ C:\WINDOWS\kdftlboedsb.dll
2008-03-26 18:26 . 2008-03-26 12:28 81,920 --a------ C:\WINDOWS\norlatmx.exe
2008-03-26 18:26 . 2008-03-26 18:26 21,660 --a------ C:\Program Files\antiviirus.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp3.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp2.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp1.exe
2008-03-26 18:26 . 2008-03-26 18:26 16,536 -r-hs---- C:\Program Files\tmp0.exe
2008-03-25 11:06 . 2008-03-25 11:12 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-03-23 14:46 . 2008-03-23 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-10 16:45 . 2008-03-10 16:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 16:45 . 2008-03-10 16:45 2,548 --a------ C:\WINDOWS\unins000.dat
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Program Files\Benjamin Moore
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Benjamin Moore
2008-03-08 10:50 . 2008-03-08 10:50 <DIR> d-------- C:\Program Files\Room Arranger
2008-02-27 17:21 . 2008-02-27 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 15:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 01:02 --------- d-----w C:\Program Files\ErrorKiller
2008-03-23 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\robert\Application Data\PlayFirst
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-23 19:23 --------- d-----w C:\Program Files\IncrediGames
2008-03-19 12:50 --------- d-----w C:\Documents and Settings\robert\Application Data\Canon
2008-03-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 10:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 14:57 --------- d-----w C:\Documents and Settings\robert\Application Data\OpenOffice.org2
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-05 20:26 --------- d-----w C:\Documents and Settings\robert\Application Data\Gamelab
2008-02-28 19:16 69,024 -c--a-w C:\Documents and Settings\robert\Application Data\GDIPFONTCACHEV1.DAT
2008-02-27 13:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-26 17:43 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 17:38 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 18:38 --------- d-----w C:\Program Files\Incredijeux
2008-02-25 18:30 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-22 19:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-22 19:35 --------- d-----w C:\Program Files\BookingBoard
2008-02-22 19:35 --------- d-----w C:\Program Files\Acoustica CD Label Maker
2008-02-22 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 16:29 --------- d-----w C:\Documents and Settings\robert\Application Data\Netscape
2008-02-18 12:27 --------- d-----w C:\Documents and Settings\robert\Application Data\Grisoft
2008-02-18 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 22:26 --------- d-----w C:\Program Files\IncrediMail
2008-02-17 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 00:46 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-15 03:19 164 ----a-w C:\install.dat
2008-02-08 15:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 15:43 --------- d-----w C:\Program Files\Creative
2008-01-30 15:38 --------- d-----w C:\Documents and Settings\robert\Application Data\SmartDraw
2006-02-23 22:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2003-11-22 21:49 1 -c--a-w C:\Documents and Settings\robert\scrcfg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 08:52 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-03 16:04 214456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"SoundMan"="SOUNDMAN.EXE" [2003-05-13 18:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 00:41 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-05 20:32 77824]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 18:19 40960]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 00:00 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50 33792]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 19:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 13:22 26248]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"!AVG Anti-Spyware"="C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-26 18:26 21660]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"XKzCRxfxYt"= C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KernelRunOnce"= {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll [2008-03-26 18:26 14378]
"zip"= {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll [2008-03-26 18:26 23198]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Documents and Settings\\robert\\My Documents\\My Received Files\\IziSpot 3\\IziSpot.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-20 17:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 15:00:01 C:\WINDOWS\Tasks\AB8E033691F5BF8A.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-03-27 15:00:02 C:\WINDOWS\Tasks\AE5D636E91CAE24E.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-03-27 15:00:02 C:\WINDOWS\Tasks\AEFBD04A91804086.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-03-22 00:00:40 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - robert.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-27 15:16:32 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 11:49:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-27 11:59:35
ComboFix-quarantined-files.txt 2008-03-27 15:59:28
Pre-Run: 18,877,583,360 bytes free
Post-Run: 18,874,888,192 bytes free
.
2008-03-12 12:04:06 --- E O F ---


Maintenant pouvez vous me dire quoi faire ?

   
Répondre à rocksugar

8

jlpjlp, le 27 mar 2008 à 17:16:39

Télécharge BTFix de Bibi26
http://www.bibi26.power-heberg.com/logiciels/BTFix.zip
Dézippe l'archive sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

__________________

analyse ces fichiers sur virus total et ceux qui sont inféctés tu les mets dans la citation otmovit:

http://www.virustotal.com/fr/


C:\WINDOWS\system32\tmpmvkpy.exe
C:\Documents and Settings\robert\Desktopvirii
C:\Documents and Settings\robert\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\robert\DesktopFWebdEditor.exe
C:\Documents and Settings\robert\Desktopfwebd.exe
C:\Documents and Settings\robert\Desktopfkwp2.0.exe
C:\Documents and Settings\robert\Desktopfkwp1.5.exe
C:\Documents and Settings\robert\Desktopfilemanagerclient.exe
C:\Documents and Settings\robert\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\robert\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\All Users\Application Data\lijqvgvy
C:\WINDOWS\system32\xqtepibi.exe
C:\WINDOWS\vbgtorfd.dll
C:\WINDOWS\kdftlboedsb.dll
C:\WINDOWS\norlatmx.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp3.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp0.exe

_______________________



télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

___________________


recolle un nouveau hijakchits

   
Répondre à jlpjlp

9

rocksugar, le 27 mar 2008 à 17:39:29

Jlpjlp, me re-voilà:

Voici le rapport de BTFIX:

BTFix 1.091 (par bibi26) - 27/03/2008 12:34:00 - Analyse
Lancé depuis C:\Documents and Settings\robert\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\AskTBar\
- C:\Program Files\MSN Messenger\RICHED20.dll

---> Analyse terminée le 27/03/2008 12:34:02

Voici le rapport de OTmoveit

C:\WINDOWS\system32\tmpmvkpy.exe moved successfully.
C:\Documents and Settings\robert\Desktopvirii moved successfully.
C:\Documents and Settings\robert\DesktopTrojan.Win32.BlackBird.exe moved successfully.
C:\Documents and Settings\robert\DesktopFWebdEditor.exe moved successfully.
C:\Documents and Settings\robert\Desktopfwebd.exe moved successfully.
C:\Documents and Settings\robert\Desktopfkwp2.0.exe moved successfully.
C:\Documents and Settings\robert\Desktopfkwp1.5.exe moved successfully.
C:\Documents and Settings\robert\Desktopfilemanagerclient.exe moved successfully.
C:\Documents and Settings\robert\DesktopEditorFKWP2.0.exe moved successfully.
C:\Documents and Settings\robert\DesktopEditorFKWP1.5.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\lijqvgvy moved successfully.
C:\WINDOWS\system32\xqtepibi.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\vbgtorfd.dll
C:\WINDOWS\vbgtorfd.dll NOT unregistered.
C:\WINDOWS\vbgtorfd.dll moved successfully.
C:\WINDOWS\kdftlboedsb.dll unregistered successfully.
C:\WINDOWS\kdftlboedsb.dll moved successfully.
C:\WINDOWS\norlatmx.exe moved successfully.
C:\Program Files\antiviirus.exe moved successfully.
File move failed. C:\Program Files\tmp3.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\tmp2.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\tmp1.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\tmp0.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03272008_122617

Et voici le nouveau Hijacthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:41, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: KernelRunOnce - {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll
O21 - SSODL: zip - {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 14561 bytes


J'attend vos nouvelles instructions....

   
Répondre à rocksugar

10

jlpjlp, le 27 mar 2008 à 17:59:23

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O8 - Extra context menu item: &Search - ?p=ZJ
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O21 - SSODL: KernelRunOnce - {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll
O21 - SSODL: zip - {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll

________________________




télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\antiviirus.exe
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll
C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll
C:\Program Files\tmp3.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp0.exe


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

________________

vire ce qui est dans moved files en allant dans poste de travail puis c puis otmovit
________________

colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/
__________________
recolle hijakchits et dis tes soucis

   
Répondre à jlpjlp

11

rocksugar, le 27 mar 2008 à 18:48:47

Bonjour jlpjlp,

Voici le nouveau rapport de Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:23, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: KernelRunOnce - {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll (file missing)
O21 - SSODL: zip - {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll (file missing)
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 14502 bytes

Nouveau rapport de Panda

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-03-27 13:33:46
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2007 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040467 adware/elitebar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D}
00040467 adware/elitebar Adware No 1 Yes No hkey_classes_root\clsid\{0b682cc1-fb40-4006-a5dd-99edd3c9095d}
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\robert\Cookies\robert@mysearch[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\robert\Cookies\robert@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\robert\Cookies\robert@xiti[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\robert\Cookies\robert@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\robert\Cookies\robert@questionmarket[2].txt
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Et j'ai refais un nettoyage avec Otmoveit de :
Citation :

C:\Program Files\antiviirus.exe
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll
C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll
C:\Program Files\tmp3.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp0.exe

Je suis a bout de souffle de devoir toujours re-démarrrer l'ordi et refaire ces procéder....j'apprécie tellement votre aide...Que dois-je faire maintenant ?

   
Répondre à rocksugar

12

rocksugar, le 27 mar 2008 à 19:34:59

Jlpjlp,

J'attends vos précieux conseils tellement apprécié. Merci encore mille fois de m'aider.

   
Répondre à rocksugar

13

jlpjlp, le 27 mar 2008 à 20:09:03

Rajoute ceci dans otmovit et colle moi le rapport


HKEY_LOCAL_MACHINE\software\classes\CLSID\{0B682CC1-FB40-400­6-A5DD-99EDD3C9095D}
hkey_classes_root\clsid\{0b682cc1-fb40-4006-a5dd-99edd3c9


__________



Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

O8 - Extra context menu item: &Search - ?p=ZJ

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O21 - SSODL: KernelRunOnce - {027f38ec-ac1b-40cf-92d4-542c2d310fa1} - C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1}\KernelRunOnce.dll (file missing)
O21 - SSODL: zip - {b4db913f-28ad-4a68-8b0b-09b8e09e40c6} - C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6}\zip.dll (file missing)

____________________


scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

____________________


recolle un hijackthis

   
Répondre à jlpjlp

14

rocksugar, le 27 mar 2008 à 20:35:36

Ok, j'ai fait « do a scan only» et coché les cases devant les lignes que tu m'as indiqué.

Voici le nouveau rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:43, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Samsung ML-2010 Series\CommonSM\CommonSM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 12995 bytes

J'ai également ajouté: dans otmovit

HKEY_LOCAL_MACHINE\software\classes\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D}
hkey_classes_root\clsid\{0b682cc1-fb40-4006-a5dd-99edd3c9

Cependant, je ne retrouve pas l'endroit ou je peux te faire un rapport.....c'est pas vrai....peux-tu m'aider STP...

Je suis entrain de scanner avec MalwareByte's Anti-Malware Dès que c'est terminé, je viens coller le rapport.

Merciiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii pour ton aide, si tu savais à quel point je m'arrache les cheveux de la tête......ça fera bientôt 26 heures que je suis debout à régler le problème....

Merci pour ton aide...

   
Répondre à rocksugar

15

jlpjlp, le 27 mar 2008 à 20:41:33

Excuse j'ai oubklié cette ligne fix la

O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe




et colle ceci dans otmovit

C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe



le rapport est dans poste de travail puis c puis otmovit puis moved files




scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php­

____________________
recolle un hijackthis

_________________

si tu as des pubs de type cid:

Télécharge ceci: (by Moe) :

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.

   
Répondre à jlpjlp

16

rocksugar, le 27 mar 2008 à 20:59:56

Ok...j'ai télécharger le psetup.exe au cas ou....je ne sais pas si k'avais des pub CID...mais juste au cas... Voici le rapport:

# Rapport Lopxp fait le 2008-03-27 à 15:52:02
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.09 - Maj du 28/02/2008

Killing 'iexplore.exe'
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" (2700)

========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2007-10-24 à 18:31:22 - Adobe
2007-10-23 à 17:23:12 - ALM
2004-10-29 à 14:46:55 - Apple Computer
2007-12-30 à 21:10:52 - Autodesk
2006-06-20 à 21:41:53 - BOONTY
2007-03-16 à 16:53:58 - CaveDays
2007-12-15 à 19:59:08 - Christmasville
2008-03-23 à 18:46:39 - DivoGames
2007-07-23 à 00:05:44 - Escape From Paradise
2007-12-30 à 14:40:04 - FLEXnet
2007-12-11 à 19:30:24 - Flood Light Games
2007-05-09 à 15:59:37 - FloodLightGames
2007-12-20 à 20:56:42 - Fugazo
2007-06-14 à 03:29:45 - Gamelab
2008-02-27 à 21:23:06 - Go Go Gourmet
2007-10-23 à 15:41:13 - Google
2008-02-18 à 12:26:36 - Grisoft
2007-11-07 à 05:36:18 - HipSoft
2007-03-17 à 17:45:25 - iWin
2007-04-24 à 15:05:09 - JollyBear
2008-02-17 à 16:22:28 - Lavasoft
2004-12-11 à 19:20:18 - Macrovision
2008-03-27 à 19:17:56 - Malwarebytes
2007-09-10 à 21:53:18 - McAfee.com
2006-04-25 à 21:03:30 - Microsoft
2007-06-29 à 18:33:32 - Mozilla
2003-11-12 à 05:22:18 - MSN6
2007-12-07 à 18:17:28 - MumboJumbo
2004-10-03 à 22:39:43 - Newsoft
2007-07-30 à 06:21:07 - Oberon Games
2007-07-11 à 19:08:16 - Oberon Media
2007-07-10 à 12:46:10 - OberonGames
2004-10-08 à 14:16:39 - Once Balm Dog Support
2005-03-20 à 16:10:10 - pixelStorm
2008-03-23 à 19:30:00 - PlayFirst
2004-10-29 à 14:49:45 - QuickTime
2007-11-09 à 10:58:54 - Sandlot Games
2003-12-04 à 17:50:53 - ScanSoft
2007-08-24 à 18:20:48 - ScreenSeven
2007-09-18 à 18:47:31 - Seating Arrangement
2007-08-25 à 12:53:04 - SpinTop Games
2008-03-11 à 15:07:06 - Spybot - Search & Destroy
2007-11-24 à 14:48:14 - Super X Studios
2008-03-27 à 18:54:54 - Symantec
2008-03-23 à 20:43:04 - TEMP
2006-09-25 à 17:40:40 - Trymedia
2006-08-21 à 11:38:21 - Windows Genuine Advantage
2008-02-26 à 17:22:01 - WLInstaller
2007-10-23 à 15:42:23 - yahoo!
2006-05-04 à 01:00:38 - Yahoo! Companion
2005-07-31 à 23:32:05 - Zylom

+- C:\Documents and Settings\robert\Application Data

2006-06-04 à 16:08:08 - 7Wonders
2007-09-16 à 20:27:30 - Acoustica
2008-01-23 à 20:02:25 - Adobe
2007-10-15 à 19:05:12 - Ahead
2004-10-29 à 14:48:30 - Apple Computer
2003-12-11 à 01:42:02 - Arcsoft
2006-07-26 à 19:52:33 - Autodesk
2007-06-13 à 14:13:29 - Avernum 4 Saved Games
2007-09-19 à 18:23:52 - Big Fish Games
2007-01-14 à 20:07:06 - CamTrack
2008-03-19 à 12:50:17 - Canon
2007-04-13 à 17:35:32 - Chicken Chase
2007-05-11 à 15:42:11 - DiVision Studios - Escaping Atlantis
2005-01-21 à 15:26:32 - Druide
2006-01-04 à 21:07:22 - EA
2007-05-18 à 20:58:49 - FileMaker
2007-12-11 à 19:30:24 - Flood Light Games
2007-05-09 à 15:59:37 - FloodLightGames
2007-11-02 à 19:14:48 - ForgottenRiddles
2007-01-11 à 19:44:11 - funkitron
2007-04-13 à 17:50:34 - Gaijin Ent
2008-03-05 à 20:26:54 - Gamelab
2007-02-10 à 14:12:23 - Google
2008-02-18 à 12:27:04 - Grisoft
2003-11-16 à 06:13:42 - Help
2007-12-14 à 15:22:16 - Home Sweet Home
2006-11-28 à 18:45:06 - Identities
2003-09-05 à 07:39:04 - InterVideo
2007-05-20 à 11:25:46 - iWin
2007-10-09 à 18:37:54 - Jane s Hotel
2005-04-30 à 00:58:37 - Lavasoft
2004-11-14 à 03:34:06 - Leadertech
2007-10-31 à 15:46:57 - Legends of pirates
2005-09-29 à 01:18:35 - Macromedia
2005-11-24 à 17:14:11 - Magic Match
2008-03-27 à 19:18:01 - Malwarebytes
2008-02-16 à 15:36:55 - Microsoft
2007-06-29 à 21:36:59 - Mozilla
2003-11-22 à 21:01:15 - MSN6
2007-04-16 à 12:01:51 - MysteryStudio
2008-02-22 à 16:29:32 - Netscape
2007-06-08 à 12:56:33 - Ohana Games
2008-03-07 à 14:57:53 - OpenOffice.org2
2008-03-23 à 19:30:00 - PlayFirst
2007-12-06 à 12:15:47 - Reasonable Software House Ltd
2007-07-27 à 19:34:15 - Sandlot Games
2007-04-16 à 17:44:05 - ScreenSeven
2007-10-01 à 23:29:03 - Sheeplings
2008-01-30 à 15:38:10 - SmartDraw
2007-08-07 à 18:54:13 - Sun
2007-11-25 à 19:58:05 - Super-Cow
2003-11-10 à 20:40:21 - Symantec
2007-06-29 à 21:37:13 - Talkback
2005-07-30 à 13:22:37 - TeamLicense
2004-02-01 à 22:32:24 - The Labyrinth Plus! Edition
2005-08-25 à 02:34:52 - Thunderbird
2006-03-28 à 22:40:39 - Webshots
2005-10-18 à 23:27:57 - Wildfire
2007-09-11 à 16:50:48 - WinRAR
2007-10-23 à 15:42:23 - Yahoo!
2007-12-18 à 13:05:08 - yoclient
2006-11-28 à 18:45:06 - Zylom

+- C:\Documents and Settings\robert\Local Settings\Application Data

2007-10-24 à 18:38:25 - Adobe
2007-10-16 à 18:59:48 - Ahead
2008-01-14 à 20:18:34 - Apple Computer
2008-02-26 à 17:51:33 - ApplicationHistory
2006-07-26 à 19:53:55 - Autodesk
2008-02-26 à 02:44:31 - FamilyRestaurant
2007-09-25 à 10:55:29 - Google
2006-12-22 à 04:16:10 - Grubby Games
2006-01-11 à 14:09:19 - Help
2003-11-13 à 03:02:18 - Identities
2007-10-23 à 19:00:19 - Installer3224
2007-11-22 à 21:06:04 - Installer3316
2007-04-24 à 15:05:09 - JollyBear
2008-03-09 à 14:56:23 - Microsoft
2007-06-29 à 21:36:59 - Mozilla
2006-01-11 à 14:52:18 - Musicmatch
2004-10-03 à 22:47:29 - Newsoft
2008-02-25 à 18:52:35 - Oberon Games
2007-07-11 à 19:08:16 - Oberon Media
2008-02-26 à 17:58:04 - PCHealth
2007-12-06 à 12:25:54 - Reasonable_Software_House
2008-03-08 à 15:07:39 - Room Arranger
2007-09-18 à 18:47:59 - SeatingArrangement
2007-09-16 à 23:51:41 - WMTools Downloaded Files

========== Listing du dossier Program Files

+- C:\Program Files

2008-02-22 à 19:35:12 - Acoustica CD Label Maker
2007-10-23 à 19:03:44 - Adobe
2003-09-05 à 07:39:47 - Ahead
2007-03-07 à 19:24:46 - AKVIS
2005-11-25 à 10:51:09 - Alwil Software
2006-07-26 à 19:53:54 - AnswerWorks 4.0
2005-03-11 à 14:40:47 - ArcSoft
2006-07-26 à 19:54:18 - AutoCAD 2004
2005-02-14 à 06:26:19 - Autodesk
2008-03-10 à 01:34:22 - Benjamin Moore
2007-10-23 à 16:03:19 - Bonjour
2008-02-22 à 19:35:15 - BookingBoard
2006-10-27 à 20:10:42 - Canon
2007-12-21 à 16:44:27 - CCleaner
2008-02-26 à 17:25:54 - Common Files
2003-09-05 à 07:39:47 - ComPlus Applications
2008-01-30 à 15:43:00 - Creative
2007-12-30 à 12:09:32 - Diablo II
2006-05-08 à 21:33:21 - DIFX
2007-01-14 à 15:55:06 - DigitalPeers
2003-12-28 à 17:54:50 - directx
2006-04-18 à 19:35:08 - Downloaded Installations
2005-01-21 à 15:23:31 - Druide
2005-06-18 à 22:45:22 - EA Games
2007-02-26 à 20:39:45 - Electronic Arts
2008-03-27 à 01:02:52 - ErrorKiller
2005-08-28 à 23:52:21 - Etresoft Decoder 3.1
2006-11-24 à 14:11:28 - FLISoft
2007-10-23 à 18:03:43 - Google
2007-03-22 à 15:10:32 - IKEA HomePlanner
2008-03-23 à 19:23:51 - IncrediGames
2008-02-25 à 18:38:31 - Incredijeux
2008-02-17 à 22:26:59 - IncrediMail
2005-09-04 à 12:47:29 - Infogrames
2004-07-30 à 01:27:10 - Infogrames Interactive
2005-03-11 à 14:41:10 - Ingenio-LQ
2008-02-22 à 16:32:06 - InstallShield Installation Information
2008-02-17 à 16:40:57 - Internet Explorer
2006-01-29 à 14:36:21 - Logitech
2008-03-27 à 19:52:05 - Lopxp
2006-02-14 à 20:13:18 - Macrogaming
2008-03-27 à 19:17:57 - Malwarebytes' Anti-Malware
2006-11-01 à 12:23:45 - Maxis
2005-02-14 à 05:31:30 - Messenger
2004-12-27 à 17:23:10 - Microids
2007-03-30 à 17:52:20 - MicroProse
2007-05-09 à 09:07:05 - Microsoft CAPICOM 2.1.0.2
2003-09-05 à 07:40:14 - microsoft frontpage
2007-04-05 à 17:00:22 - Microsoft Games
2003-12-13 à 23:38:50 - Microsoft Hardware
2004-04-05 à 03:30:47 - Microsoft Office
2004-02-01 à 22:27:37 - Microsoft Plus!
2008-02-26 à 17:43:57 - Microsoft SQL Server Compact Edition
2003-11-25 à 17:18:31 - Microsoft Visual Studio
2005-09-15 à 18:00:22 - Mindscape
2005-02-14 à 05:31:32 - Movie Maker
2003-12-21 à 23:09:12 - MSN
2005-02-09 à 20:11:56 - MSN Apps
2003-09-05 à 07:40:08 - MSN Gaming Zone
2008-02-26 à 17:38:57 - MSN Messenger
2006-11-18 à 18:53:44 - MSXML 4.0
2006-01-19 à 14:45:34 - Musicmatch
2004-10-07 à 16:14:40 - NetMeeting
2006-09-17 à 21:07:53 - Netscape
2004-10-06 à 21:25:00 - NewSoft
2007-12-21 à 19:06:43 - Norton Internet Security
2007-10-03 à 17:51:22 - Norton Security Scan
2007-12-30 à 12:05:00 - Oberon Media
2003-09-05 à 07:40:11 - Online Services
2007-08-07 à 18:55:43 - OpenOffice.org 2.2
2007-06-13 à 09:04:01 - Outlook Express
2008-03-27 à 17:23:22 - Panda Security
2007-10-11 à 15:56:37 - Picasa2
2007-09-16 à 13:43:04 - Presentersoft PowerVideoMaker PPS EN DVD
2005-10-30 à 18:34:15 - Project1
2007-10-23 à 16:50:59 - QuickTime
2008-03-08 à 14:50:12 - Room Arranger
2006-07-19 à 02:04:47 - Samsung ML-2010 Series
2007-09-18 à 18:46:08 - Seating Arrangement
2008-03-25 à 15:12:17 - SmartDraw 2008
2008-03-11 à 10:18:20 - Spybot - Search & Destroy
2007-12-05 à 10:11:17 - Symantec
2008-03-27 à 15:23:36 - Trend Micro
2004-07-04 à 01:51:27 - Uninstall Information
2005-06-26 à 00:07:11 - Winamp
2008-02-27 à 13:02:10 - Windows Live
2008-02-26 à 17:51:35 - Windows Live Favorites
2008-02-26 à 17:51:07 - Windows Live Toolbar
2008-02-22 à 19:35:28 - Windows Media Connect 2
2007-09-10 à 21:55:15 - Windows Media Player
2004-10-07 à 16:14:28 - Windows NT
2006-10-20 à 06:28:56 - WindowsUpdate
2007-12-30 à 12:42:09 - WinRAR
2006-03-17 à 19:15:42 - WinZip
2006-04-25 à 11:37:04 - WordBiz
2003-09-05 à 07:40:14 - xerox
2006-05-04 à 01:00:06 - Yahoo!
2004-11-24 à 17:27:59 - Zone Labs

========== Tâches planifiées

AB8E033691F5BF8A.job: c:\progra~1\funkfo~1\Open Mpeg Once.exe
AE5D636E91CAE24E.job: c:\progra~1\funkfo~1\Open Mpeg Once.exe
AEFBD04A91804086.job: c:\progra~1\funkfo~1\Open Mpeg Once.exe
Norton Internet Security - Analyse système complète - robert.job: C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
SDMsgUpdate (TE).job: C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe -PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X

========== Clés registre


========== Bloqueur popups Internet Explorer

*.zylom.com
www.espaces perso.live.com
*.securewebinfo.com
*.safetyincludes.com
*.securemanaging.com
www.01net.com
www.lebonhommeenchante.com
www.dlvdm.com
site.voila.fr
planificationmarr.unblog.fr
*.recettes.qc.ca
www.windowslive.fr
groups.msn.com
www.lespac.com
www.staples.ca
www.radio-canada.ca
aladistasio.telequebec.tv
www.kraftcanada.com
*.gouv.qc.ca
www.educatout.com
www.jeuxvideo.com
www.candiceolson.com
www.decormag.com
*.hrdc-drhc.gc.ca
www.incredigames.com
picasaweb.google.ca
www.pagesjaunes.ca
*.rougemag.com
www.tadine.ca
www.montrealplus.ca
www.rona.ca
www.chezmaya.com
*.mail.yahoo.com
PopupMgr

========== Suggestion ( /!\ Nécessite une interprétation.) ==========

C:\Documents and Settings\All Users\Application Data\Once Balm Dog Support
C:\Documents and Settings\robert\Application Data\TeamLicense
C:\WINDOWS\tasks\AB8E033691F5BF8A.job
C:\WINDOWS\tasks\AE5D636E91CAE24E.job
C:\WINDOWS\tasks\AEFBD04A91804086.job

+- Registre : Aucune suggestion.


- Fin du rapport -

J'ai exécuté: O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe

et colle l'ai coller dans otmovit

C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe


Le scan est toujours en cours avec le MalwareByte's Anti-Malware.


Impossible de trouver le rapport de de otmoveit ??? Je n'ai plus de fichier comme plutôt ?

   
Répondre à rocksugar

17

rocksugar, le 28 mar 2008 à 01:20:34

Voici le rapport de Malwarebytes' Anti-Malware 1.09

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 556

Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 305772
Temps écoulé: 1 hour(s), 48 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302}­ (Search.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0198996.dll (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0198997.dll (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0198998.dll (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0199001.dll (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0199082.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0199084.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0199110.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0199111.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200109.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200110.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200176.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200177.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0201231.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0201232.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1573\A0201403.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1573\A0201404.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1574\A0201497.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1574\A0201498.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201669.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201670.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201704.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201705.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201726.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201728.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201861.exe (Rogue.AntiSpyKit) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201862.Dll (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201871.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201872.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201901.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201903.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202900.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202902.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202918.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202919.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202920.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202921.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202923.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202932.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0220393.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0220394.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0221407.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0221408.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0221409.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\elsvahex.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.

   
Répondre à rocksugar

18

rocksugar, le 28 mar 2008 à 01:24:15

Je viens de nettoyer et ça me donne ceci:

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 556

Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 305772
Temps écoulé: 1 hour(s), 48 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302}­ (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\Installer\{027f38ec-ac1b-40cf-92d4-542c2d310fa1} (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{b4db913f-28ad-4a68-8b0b-09b8e09e40c6} (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0198996.dll (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0198997.dll (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0198998.dll (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0199001.dll (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0199082.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1571\A0199084.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0199110.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0199111.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200109.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200110.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200176.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0200177.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0201231.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1572\A0201232.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1573\A0201403.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1573\A0201404.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1574\A0201497.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1574\A0201498.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201669.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201670.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201704.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201705.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201726.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201728.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201861.exe (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201862.Dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201871.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201872.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201901.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0201903.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202900.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202902.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202918.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202919.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202920.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202921.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202923.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1576\A0202932.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0220393.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0220394.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0221407.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0221408.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1613\A0221409.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elsvahex.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

   
Répondre à rocksugar

19

rocksugar, le 28 mar 2008 à 02:27:45

Voilà, je viens de re-faire un autre scan

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 556

Type de recherche: Examen rapide
Eléments examinés: 33028
Temps écoulé: 35 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

   
Répondre à rocksugar

20

jlpjlp, le 28 mar 2008 à 08:25:54

Désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : http://www.informatruc.com/desactiver_restauration.php

_________________

vire ce qui est dans moved files en allant dans poste de travail puis c puis otmovit

_________________



va dans : Démarrer > Exécuter puis copie/colle la ligne suivante en gras :

"%programfiles%\Lopxp\Lopxp.bat" /Fixme
puis valide, accepte toutes les demandes de suppression et poste le rapport stp

________________

encore des problèmes??? recolle un hijakhcits

   
Répondre à jlpjlp

21

rocksugar, le 28 mar 2008 à 11:27:27

Bon matin jlpjlp, (il est 6h24 du matin ici)

J'ai effectué : la restauration système pour purger les virus qui seraient dedans puis réactive là

Voici le rapport de l'action dans démarrer:

# Rapport Lopxp fait le 2008-03-28 à 6:13:57
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.09 - Maj du 28/02/2008


========== FixLog ==========


+- C:\Documents and Settings\All Users\Application Data\Once Balm Dog Support
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- C:\Documents and Settings\robert\Application Data\TeamLicense
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- C:\WINDOWS\tasks\AB8E033691F5BF8A.job
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- C:\WINDOWS\tasks\AE5D636E91CAE24E.job
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- C:\WINDOWS\tasks\AEFBD04A91804086.job
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- Fichiers temporaires :
Nettoyage effectué.


========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2007-10-24 à 18:31:22 - Adobe
2007-10-23 à 17:23:12 - ALM
2004-10-29 à 14:46:55 - Apple Computer
2007-12-30 à 21:10:52 - Autodesk
2006-06-20 à 21:41:53 - BOONTY
2007-03-16 à 16:53:58 - CaveDays
2007-12-15 à 19:59:08 - Christmasville
2008-03-23 à 18:46:39 - DivoGames
2007-07-23 à 00:05:44 - Escape From Paradise
2007-12-30 à 14:40:04 - FLEXnet
2007-12-11 à 19:30:24 - Flood Light Games
2007-05-09 à 15:59:37 - FloodLightGames
2007-12-20 à 20:56:42 - Fugazo
2007-06-14 à 03:29:45 - Gamelab
2008-02-27 à 21:23:06 - Go Go Gourmet
2007-10-23 à 15:41:13 - Google
2008-02-18 à 12:26:36 - Grisoft
2007-11-07 à 05:36:18 - HipSoft
2007-03-17 à 17:45:25 - iWin
2007-04-24 à 15:05:09 - JollyBear
2008-02-17 à 16:22:28 - Lavasoft
2004-12-11 à 19:20:18 - Macrovision
2008-03-27 à 19:17:56 - Malwarebytes
2007-09-10 à 21:53:18 - McAfee.com
2006-04-25 à 21:03:30 - Microsoft
2007-06-29 à 18:33:32 - Mozilla
2003-11-12 à 05:22:18 - MSN6
2007-12-07 à 18:17:28 - MumboJumbo
2004-10-03 à 22:39:43 - Newsoft
2007-07-30 à 06:21:07 - Oberon Games
2007-07-11 à 19:08:16 - Oberon Media
2007-07-10 à 12:46:10 - OberonGames
2005-03-20 à 16:10:10 - pixelStorm
2008-03-23 à 19:30:00 - PlayFirst
2004-10-29 à 14:49:45 - QuickTime
2007-11-09 à 10:58:54 - Sandlot Games
2003-12-04 à 17:50:53 - ScanSoft
2007-08-24 à 18:20:48 - ScreenSeven
2007-09-18 à 18:47:31 - Seating Arrangement
2007-08-25 à 12:53:04 - SpinTop Games
2008-03-11 à 15:07:06 - Spybot - Search & Destroy
2007-11-24 à 14:48:14 - Super X Studios
2008-03-28 à 10:11:59 - Symantec
2008-03-23 à 20:43:04 - TEMP
2006-09-25 à 17:40:40 - Trymedia
2006-08-21 à 11:38:21 - Windows Genuine Advantage
2008-02-26 à 17:22:01 - WLInstaller
2007-10-23 à 15:42:23 - yahoo!
2006-05-04 à 01:00:38 - Yahoo! Companion
2005-07-31 à 23:32:05 - Zylom

+- C:\Documents and Settings\robert\Application Data

2006-06-04 à 16:08:08 - 7Wonders
2007-09-16 à 20:27:30 - Acoustica
2008-01-23 à 20:02:25 - Adobe
2007-10-15 à 19:05:12 - Ahead
2004-10-29 à 14:48:30 - Apple Computer
2003-12-11 à 01:42:02 - Arcsoft
2006-07-26 à 19:52:33 - Autodesk
2007-06-13 à 14:13:29 - Avernum 4 Saved Games
2007-09-19 à 18:23:52 - Big Fish Games
2007-01-14 à 20:07:06 - CamTrack
2008-03-19 à 12:50:17 - Canon
2007-04-13 à 17:35:32 - Chicken Chase
2007-05-11 à 15:42:11 - DiVision Studios - Escaping Atlantis
2005-01-21 à 15:26:32 - Druide
2006-01-04 à 21:07:22 - EA
2007-05-18 à 20:58:49 - FileMaker
2007-12-11 à 19:30:24 - Flood Light Games
2007-05-09 à 15:59:37 - FloodLightGames
2007-11-02 à 19:14:48 - ForgottenRiddles
2007-01-11 à 19:44:11 - funkitron
2007-04-13 à 17:50:34 - Gaijin Ent
2008-03-05 à 20:26:54 - Gamelab
2007-02-10 à 14:12:23 - Google
2008-02-18 à 12:27:04 - Grisoft
2003-11-16 à 06:13:42 - Help
2007-12-14 à 15:22:16 - Home Sweet Home
2006-11-28 à 18:45:06 - Identities
2003-09-05 à 07:39:04 - InterVideo
2007-05-20 à 11:25:46 - iWin
2007-10-09 à 18:37:54 - Jane s Hotel
2005-04-30 à 00:58:37 - Lavasoft
2004-11-14 à 03:34:06 - Leadertech
2007-10-31 à 15:46:57 - Legends of pirates
2005-09-29 à 01:18:35 - Macromedia
2005-11-24 à 17:14:11 - Magic Match
2008-03-27 à 19:18:01 - Malwarebytes
2008-02-16 à 15:36:55 - Microsoft
2007-06-29 à 21:36:59 - Mozilla
2003-11-22 à 21:01:15 - MSN6
2007-04-16 à 12:01:51 - MysteryStudio
2008-02-22 à 16:29:32 - Netscape
2007-06-08 à 12:56:33 - Ohana Games
2008-03-07 à 14:57:53 - OpenOffice.org2
2008-03-23 à 19:30:00 - PlayFirst
2007-12-06 à 12:15:47 - Reasonable Software House Ltd
2007-07-27 à 19:34:15 - Sandlot Games
2007-04-16 à 17:44:05 - ScreenSeven
2007-10-01 à 23:29:03 - Sheeplings
2008-01-30 à 15:38:10 - SmartDraw
2007-08-07 à 18:54:13 - Sun
2007-11-25 à 19:58:05 - Super-Cow
2003-11-10 à 20:40:21 - Symantec
2007-06-29 à 21:37:13 - Talkback
2004-02-01 à 22:32:24 - The Labyrinth Plus! Edition
2005-08-25 à 02:34:52 - Thunderbird
2006-03-28 à 22:40:39 - Webshots
2005-10-18 à 23:27:57 - Wildfire
2007-09-11 à 16:50:48 - WinRAR
2007-10-23 à 15:42:23 - Yahoo!
2007-12-18 à 13:05:08 - yoclient
2006-11-28 à 18:45:06 - Zylom

+- C:\Documents and Settings\robert\Local Settings\Application Data

2007-10-24 à 18:38:25 - Adobe
2007-10-16 à 18:59:48 - Ahead
2008-01-14 à 20:18:34 - Apple Computer
2008-02-26 à 17:51:33 - ApplicationHistory
2006-07-26 à 19:53:55 - Autodesk
2008-02-26 à 02:44:31 - FamilyRestaurant
2007-09-25 à 10:55:29 - Google
2006-12-22 à 04:16:10 - Grubby Games
2006-01-11 à 14:09:19 - Help
2003-11-13 à 03:02:18 - Identities
2007-10-23 à 19:00:19 - Installer3224
2007-11-22 à 21:06:04 - Installer3316
2007-04-24 à 15:05:09 - JollyBear
2008-03-09 à 14:56:23 - Microsoft
2007-06-29 à 21:36:59 - Mozilla
2006-01-11 à 14:52:18 - Musicmatch
2004-10-03 à 22:47:29 - Newsoft
2008-02-25 à 18:52:35 - Oberon Games
2007-07-11 à 19:08:16 - Oberon Media
2008-02-26 à 17:58:04 - PCHealth
2007-12-06 à 12:25:54 - Reasonable_Software_House
2008-03-08 à 15:07:39 - Room Arranger
2007-09-18 à 18:47:59 - SeatingArrangement
2007-09-16 à 23:51:41 - WMTools Downloaded Files

========== Listing du dossier Program Files

+- C:\Program Files

2008-02-22 à 19:35:12 - Acoustica CD Label Maker
2007-10-23 à 19:03:44 - Adobe
2003-09-05 à 07:39:47 - Ahead
2007-03-07 à 19:24:46 - AKVIS
2005-11-25 à 10:51:09 - Alwil Software
2006-07-26 à 19:53:54 - AnswerWorks 4.0
2005-03-11 à 14:40:47 - ArcSoft
2006-07-26 à 19:54:18 - AutoCAD 2004
2005-02-14 à 06:26:19 - Autodesk
2008-03-10 à 01:34:22 - Benjamin Moore
2007-10-23 à 16:03:19 - Bonjour
2008-02-22 à 19:35:15 - BookingBoard
2006-10-27 à 20:10:42 - Canon
2007-12-21 à 16:44:27 - CCleaner
2008-02-26 à 17:25:54 - Common Files
2003-09-05 à 07:39:47 - ComPlus Applications
2008-01-30 à 15:43:00 - Creative
2007-12-30 à 12:09:32 - Diablo II
2006-05-08 à 21:33:21 - DIFX
2007-01-14 à 15:55:06 - DigitalPeers
2003-12-28 à 17:54:50 - directx
2006-04-18 à 19:35:08 - Downloaded Installations
2005-01-21 à 15:23:31 - Druide
2005-06-18 à 22:45:22 - EA Games
2007-02-26 à 20:39:45 - Electronic Arts
2008-03-27 à 01:02:52 - ErrorKiller
2005-08-28 à 23:52:21 - Etresoft Decoder 3.1
2006-11-24 à 14:11:28 - FLISoft
2007-10-23 à 18:03:43 - Google
2007-03-22 à 15:10:32 - IKEA HomePlanner
2008-03-23 à 19:23:51 - IncrediGames
2008-02-25 à 18:38:31 - Incredijeux
2008-02-17 à 22:26:59 - IncrediMail
2005-09-04 à 12:47:29 - Infogrames
2004-07-30 à 01:27:10 - Infogrames Interactive
2005-03-11 à 14:41:10 - Ingenio-LQ
2008-02-22 à 16:32:06 - InstallShield Installation Information
2008-02-17 à 16:40:57 - Internet Explorer
2006-01-29 à 14:36:21 - Logitech
2008-03-28 à 10:15:02 - Lopxp
2006-02-14 à 20:13:18 - Macrogaming
2008-03-28 à 00:17:59 - Malwarebytes' Anti-Malware
2006-11-01 à 12:23:45 - Maxis
2005-02-14 à 05:31:30 - Messenger
2004-12-27 à 17:23:10 - Microids
2007-03-30 à 17:52:20 - MicroProse
2007-05-09 à 09:07:05 - Microsoft CAPICOM 2.1.0.2
2003-09-05 à 07:40:14 - microsoft frontpage
2007-04-05 à 17:00:22 - Microsoft Games
2003-12-13 à 23:38:50 - Microsoft Hardware
2004-04-05 à 03:30:47 - Microsoft Office
2004-02-01 à 22:27:37 - Microsoft Plus!
2008-02-26 à 17:43:57 - Microsoft SQL Server Compact Edition
2003-11-25 à 17:18:31 - Microsoft Visual Studio
2005-09-15 à 18:00:22 - Mindscape
2005-02-14 à 05:31:32 - Movie Maker
2003-12-21 à 23:09:12 - MSN
2005-02-09 à 20:11:56 - MSN Apps
2003-09-05 à 07:40:08 - MSN Gaming Zone
2008-03-28 à 00:21:48 - MSN Messenger
2006-11-18 à 18:53:44 - MSXML 4.0
2006-01-19 à 14:45:34 - Musicmatch
2004-10-07 à 16:14:40 - NetMeeting
2006-09-17 à 21:07:53 - Netscape
2004-10-06 à 21:25:00 - NewSoft
2007-12-21 à 19:06:43 - Norton Internet Security
2007-10-03 à 17:51:22 - Norton Security Scan
2007-12-30 à 12:05:00 - Oberon Media
2003-09-05 à 07:40:11 - Online Services
2007-08-07 à 18:55:43 - OpenOffice.org 2.2
2007-06-13 à 09:04:01 - Outlook Express
2008-03-27 à 17:23:22 - Panda Security
2007-10-11 à 15:56:37 - Picasa2
2007-09-16 à 13:43:04 - Presentersoft PowerVideoMaker PPS EN DVD
2005-10-30 à 18:34:15 - Project1
2007-10-23 à 16:50:59 - QuickTime
2008-03-08 à 14:50:12 - Room Arranger
2006-07-19 à 02:04:47 - Samsung ML-2010 Series
2007-09-18 à 18:46:08 - Seating Arrangement
2008-03-25 à 15:12:17 - SmartDraw 2008
2008-03-11 à 10:18:20 - Spybot - Search & Destroy

Toujours Impossible de faire: vire ce qui est dans moved files en allant dans poste de travail puis c puis otmovit Puisse que je ne trouve plus aucun fichier dans le C a ce nom Bizarre...

Voici le rapport Hicjackthis.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:28:13, on 2008-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 12914 bytes

J'ai toujours une fenêtre qui indique ceci qui ne cesse d'apparaitre:

lucallbackproxy.exe

   
Répondre à rocksugar

22

rocksugar, le 28 mar 2008 à 13:40:39

Jlpjlp,

De plus, j'ai toujours cette fenêtre qui apparaît qui dit:

The application has failed ti start beacause MCF71U.DLL was not found. Re-Installing the application may fix the problem...

Peux-tu m'aider a retirer cette fenêtre aussi en ^même temps que l'autre: lucallbackproxy.exe


Merci à l'avance

   
Répondre à rocksugar

23

jlpjlp, le 29 mar 2008 à 11:02:24

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Policies\Explorer\Run: [XKzCRxfxYt] C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe

_____________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
C:\Documents and Settings\All Users\Application Data\lijqvgvy\xcdebmti.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

________________

pour
MCF71U.DLL


regarde ici:

http://www.driverskit.com/dll/mfc71u.dll/1931.html


____________

recolle un combofix

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

___________________
encore des soucis? recolle hijakhcits

   
Répondre à jlpjlp

24

rocksugar, le 29 mar 2008 à 13:24:14

Bon matin jlpjlp,

J'ai Relancer un Hijacthis et coché et fix checked.

J'ai fait un Otmoit et lancer supressions de la citation.

J'ai aussi lancé le logiciel pour le MCF71U.DLL Cependant, 993 fichier a été détecté et seulement 15 ont été réparer gratuitement, ça m'indique de payé pour le reste.....Que faire ?

Voici le rapport de combofix:

ComboFix 08-03-26.1 - robert 2008-03-29 8:00:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.361 [GMT -4:00]
Running from: C:\Documents and Settings\robert\Desktop\OUTILS PC\Killbeagle.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.
TimedOut: progfile.dat
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"
SED "/32\\[0-9]*\\insatll.~tmp/I!d"
VFind -tf "C:\WINDOWS\system32\insatll.~tmp"
Findstr -MIF:/ sursen
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 06:31 . 2008-03-29 06:31 <DIR> d-------- C:\Program Files\Uniblue
2008-03-29 06:31 . 2008-03-29 06:31 <DIR> d-------- C:\Documents and Settings\robert\Application Data\Uniblue
2008-03-28 08:58 . 2008-03-28 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-03-27 15:51 . 2008-03-28 06:15 <DIR> d-------- C:\Program Files\Lopxp
2008-03-27 15:18 . 2008-03-27 15:18 <DIR> d-------- C:\Documents and Settings\robert\Application Data\Malwarebytes
2008-03-27 15:17 . 2008-03-27 20:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 15:17 . 2008-03-27 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-27 11:23 . 2008-03-27 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 20:54 . 2008-03-27 13:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 20:54 . 2008-03-27 12:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-25 11:06 . 2008-03-25 11:12 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-03-23 14:46 . 2008-03-23 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-10 16:45 . 2008-03-10 16:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 16:45 . 2008-03-10 16:45 2,548 --a------ C:\WINDOWS\unins000.dat
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Program Files\Benjamin Moore
2008-03-09 21:34 . 2008-03-09 21:34 <DIR> d-------- C:\Benjamin Moore
2008-03-08 10:50 . 2008-03-08 10:50 <DIR> d-------- C:\Program Files\Room Arranger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-29 11:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 00:21 --------- d-----w C:\Program Files\MSN Messenger
2008-03-27 19:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 17:23 --------- d-----w C:\Program Files\Panda Security
2008-03-27 01:02 --------- d-----w C:\Program Files\ErrorKiller
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\robert\Application Data\PlayFirst
2008-03-23 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-23 19:23 --------- d-----w C:\Program Files\IncrediGames
2008-03-19 12:50 --------- d-----w C:\Documents and Settings\robert\Application Data\Canon
2008-03-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 10:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 14:57 --------- d-----w C:\Documents and Settings\robert\Application Data\OpenOffice.org2
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-05 20:26 --------- d-----w C:\Documents and Settings\robert\Application Data\Gamelab
2008-02-28 19:16 69,024 -c--a-w C:\Documents and Settings\robert\Application Data\GDIPFONTCACHEV1.DAT
2008-02-27 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-27 13:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-26 17:51 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-26 17:43 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 18:38 --------- d-----w C:\Program Files\Incredijeux
2008-02-25 18:30 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-22 19:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-22 19:35 --------- d-----w C:\Program Files\BookingBoard
2008-02-22 19:35 --------- d-----w C:\Program Files\Acoustica CD Label Maker
2008-02-22 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 16:29 --------- d-----w C:\Documents and Settings\robert\Application Data\Netscape
2008-02-18 12:27 --------- d-----w C:\Documents and Settings\robert\Application Data\Grisoft
2008-02-18 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 22:26 --------- d-----w C:\Program Files\IncrediMail
2008-02-17 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 00:46 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-15 03:19 164 ----a-w C:\install.dat
2008-02-08 15:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 15:43 --------- d-----w C:\Program Files\Creative
2008-01-30 15:38 --------- d-----w C:\Documents and Settings\robert\Application Data\SmartDraw
2006-02-23 22:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2003-11-22 21:49 1 -c--a-w C:\Documents and Settings\robert\scrcfg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 08:52 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-03 16:04 214456]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 15:51 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 00:41 94208]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 18:19 40960]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 00:00 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 23:56 188416]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50 33792]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 19:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 13:22 26248]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"!AVG Anti-Spyware"="C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Documents and Settings\\robert\\My Documents\\My Received Files\\IziSpot 3\\IziSpot.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-20 17:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 00:06:12 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - robert.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-29 11:32:40 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 08:07:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-29 8:14:03
ComboFix-quarantined-files.txt 2008-03-29 12:14:00
Pre-Run: 24,214,421,504 bytes free
Post-Run: 24,203,825,152 bytes free
.
2008-03-12 12:04:06 --- E O F ---

Voici le nouveau rapport de Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:47, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ca/s/v/24.9/uploader2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\robert\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 12289 bytes

Toujours le problème de la fenetre qui ouvre : MCF71U.dll et toujours celle de lucallbackproxy.exe.

Est-ce que tu crois qu'il manque encore beaucoup d'intervention avant que tout soit redevenu dans l'ordre ?

Merci de ta grande patience.

   
Répondre à rocksugar

25

jlpjlp, le 29 mar 2008 à 13:55:48

Ok combofix et hiajkchtis sont ok!


pour

lucallbackproxy.exe : cela vient de norton (symantec) : essaye de le réinstaller pour voir

http://www.generation-nt.com/lucallbackproxy-exe-processus-3­2351.html
_____________


MCF71U.dll

recherche ici le dll :

http://www.fichier-dll.fr/

_______________
sinon fais
Démarrer >> Exécuter et tape sfc
_______________

sinon utilise ccleaner pour reparer le registre


CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

http://www.01net.com/...
-----------------------

si ca persiste repare windows:

http://www.pcastuces.com/pratique/windows/xp/1340.htm

______________

   
Répondre à jlpjlp

26

rocksugar, le 29 mar 2008 à 20:49:25

Jlpjlp,

Donc, je n'ai plus de virus ?

Le combofix et hiajkchtis sont ok....fiouuuuuuuuuuu....Merci

Le ccleaner je l'avais déjà, je le fais à tous les jours et il ne réparer pas le MCF71U.dll

Pour le MCF71U.dll J'ai recherché le dll : http://www.fichier-dll.fr/

Mais ça n'a pas fonctionné.

J'ai fais Démarrer >> Exécuter et tape sfc et ça semble fonctionner, ça ne m'a pas indiqué qu'il y avait quelque chose à faire...

Donc si je récapitule.....

1. Je n'ai plus aucun virus c'est ça ?

2. La seule chose qui ne fonctionne pas en ce moment c'est: lucallbackproxy.exe

Et si ça vient de norton (symantec) : Je vais le désinstaller et le réinstaller pour voir s'il y a quelque chose a faire.

Juste me confirmer ma question 1 SVP et je te reviens dàs que j'ai réussi à désinstaller et réinstaller symentec.

Un énorme merci pour tes talents et ton aide, c'est très, très apprécié.

   
Répondre à rocksugar
30 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide