Comment éliminer un virus troyen rapidement ?Résolu/Fermé

Question

Bonjour,
j'ai un virus sur mon ordi depuis 2 jours environ , et je n'arrive absolument pas à m'en débarasser ! 
J'y connais pas grand chos non plus , alors svp , aidez-moi !

Merci davance

Destrio5 · Answer

Salut,

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

julia_*** · Answer

merci beaucoup pour ta réponse si rapide ! 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:19, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [BMdb9784dc] Rundll32.exe "C:\WINDOWS\system32\eqjoksxi.dll",s
O4 - HKLM\..\Run: [d8a4b740] rundll32.exe "C:\WINDOWS\system32\lcbbmrdi.dll",b
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://butterfly83ju.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: nwpsla.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Destrio5 · Answer

Infection Vundo.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

julia_*** · Answer

je n'arrive pas à télécharger combofix ,

Destrio5 · Answer

Comment ça ?

julia_*** · Answer

une fenetre apparait : erreur . you cannot rename Combofx as 
                               please use another name , preferably made up of alphanumeric characters

Destrio5 · Answer

http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

julia_*** · Answer

ca fait la meme chose

Destrio5 · Answer

https://www.mediafire.com/?sharekey=c4babc76d8bea0f6ab1eab3e9fa335ca41cb600f42dcaa6e

julia_*** · Answer

ComboFix 08-10-02.04 - LOMBARD CAZAC 2008-10-03 18:10:59.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.155 [GMT 2:00] Lancé depuis: C:\DOCUME~1\LOMBAR~1\LOCALS~1\Temp\QZTEMP\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\GamesBar\oberontb.dll C:\WINDOWS\BMdb9784dc.txt C:\WINDOWS\BMdb9784dc.xml C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\hosts C:\WINDOWS\pskt.ini C:\WINDOWS\system32\byXrsroo.dll C:\WINDOWS\system32\efcAPFwT.dll C:\WINDOWS\system32\fccaBtqR.dll C:\WINDOWS\system32\geBqNGxv.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\TwFPAcfe.ini C:\WINDOWS\system32\TwFPAcfe.ini2 C:\WINDOWS\system32\wvUkIXpn.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Legacy_MCHINJDRV -------\Service_Boonty Games ((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))) . 2008-10-03 18:28 . 2008-10-03 18:30 22 --a------ C:\WINDOWS\pskt.ini 2008-10-03 18:28 . 2008-10-03 18:29 0 --a------ C:\WINDOWS\BMdb9784dc.xml 2008-10-03 17:18 . 2008-10-03 17:18 d-------- C:\Program Files\Trend Micro 2008-10-03 16:17 . 2008-10-03 16:17 123,904 --a------ C:\WINDOWS\system32 hxrilya.dll 2008-10-03 16:17 . 2008-10-03 16:17 123,904 --a------ C:\WINDOWS\system32 wpsla.dll 2008-10-03 16:14 . 2008-10-03 18:29 1,014,710 ---hs---- C:\WINDOWS\system32\idrmbbcl.ini 2008-10-03 16:14 . 2008-10-03 16:14 101,888 --a------ C:\WINDOWS\system32\gjgppymg.dll 2008-10-03 16:14 . 2008-10-03 16:14 71,168 --a------ C:\WINDOWS\system32\lcbbmrdi.dll 2008-10-03 12:58 . 2008-10-03 12:59 1,021,891 ---hs---- C:\WINDOWS\system32\qlykwqqh.ini 2008-10-03 12:58 . 2008-10-03 12:58 71,168 --a------ C:\WINDOWS\system32\hqqwkylq.dll 2008-10-03 12:55 . 2008-10-03 12:55 123,904 --a------ C:\WINDOWS\system32 cftfe.dll 2008-10-03 12:55 . 2008-10-03 12:55 123,904 --a------ C:\WINDOWS\system32\iqeffmxd.dll 2008-10-03 12:52 . 2008-10-03 12:52 101,888 --a------ C:\WINDOWS\system32\eqjoksxi.dll 2008-10-02 13:34 . 2008-10-03 17:26 d-------- C:\Program Files\a-squared Anti-Malware 2008-10-02 12:56 . 2008-10-02 13:23 d-------- C:\Program Files\Navilog1 2008-10-02 12:56 . 2008-10-02 13:07 952,041 ---hs---- C:\WINDOWS\system32 ivmlpon.ini 2008-10-02 12:56 . 2008-10-02 12:56 71,168 --a------ C:\WINDOWS\system32 oplmvit.dll 2008-10-02 12:54 . 2008-10-02 12:54 123,904 --a------ C:\WINDOWS\system32\wsgpiewi.dll 2008-10-02 12:54 . 2008-10-02 12:54 123,904 --a------ C:\WINDOWS\system32\ilqupz.dll 2008-10-02 12:53 . 2008-10-02 12:53 101,888 --a------ C:\WINDOWS\system32\alobgbik.dll 2008-10-01 10:05 . 2008-10-01 10:05 123,904 --a------ C:\WINDOWS\system32\lazgyp.dll 2008-10-01 10:05 . 2008-10-01 10:05 123,904 --a------ C:\WINDOWS\system32\cbmasien.dll 2008-10-01 10:02 . 2008-10-02 12:55 932,821 ---hs---- C:\WINDOWS\system32\pwxuuyeb.ini 2008-10-01 10:01 . 2008-10-01 10:01 105,984 --a------ C:\WINDOWS\system32\qkjcgitm.dll 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZACtempupdate 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\D-Jix Media 2008-09-28 15:48 . 2008-09-29 11:14 d-------- C:\Program Files\jre 2008-09-28 15:46 . 2008-09-29 11:17 d-------- C:\Program Files\lib 2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll 2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\FloodLightGames 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-03 16:30 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Skype 2008-10-03 16:30 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OpenOffice.org2 2008-10-03 16:12 --------- d-----w C:\Program Files\GamesBar 2008-10-03 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar 2008-10-01 09:36 --------- d-----w C:\Program Files\eMule 2008-09-29 15:56 --------- d-----w C:\Program Files\LimeWire 2008-09-29 09:27 --------- d-----w C:\Program Files\DivX 2008-09-21 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-09-12 15:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-11 14:39 --------- d-----w C:\Program Files\FinePixViewer 2008-09-07 18:14 --------- d-----w C:\Program Files\Mah Jong Quest 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Flood Light Games 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-09-01 09:37 --------- d-----w C:\Program Files\Orange 2008-09-01 09:37 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-08-28 11:19 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OnlineStorage 2008-08-28 10:10 --------- d-----w C:\Program Files\mes données 2008-08-28 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix 2008-08-28 09:48 61,224 ----a-w C:\Documents and Settings\LOMBARD CAZAC\GoToAssistDownloadHelper.exe 2008-08-28 09:48 --------- d-----w C:\Program Files\Citrix 2008-08-24 08:59 --------- d-----w C:\Program Files\Java 2008-08-15 09:03 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-08-15 09:01 --------- d-----w C:\Program Files\Yahoo! 2008-08-12 14:35 --------- d-----w C:\Program Files\Picasa2 2008-08-12 10:12 4,130 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-07 12:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2007-09-26 10:18 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe 2006-03-31 14:03 51,911,784 -c--a-w C:\Program Files\CorelPhotoAlbum_TryBuy_FR.exe 2006-03-19 15:22 4,464,128 -c--a-w C:\Program Files\b1cd_frx.exe 2006-01-20 16:10 343,552 -c--a-w C:\Documents and Settings\LOMBARD CAZAC emote.exe 2006-01-20 15:50 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2005-12-17 15:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-03-31 14:35 56 --sh--r C:\WINDOWS\system32\34E61E5BE0.sys 2008-04-14 02:33 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll 2008-04-14 02:33 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2007-01-10 16:51 8 --sh--r C:\WINDOWS\system32\E05B1EE634.sys 2008-04-14 02:33 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2004-08-05 11:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 2008-04-14 02:33 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2008-04-14 02:33 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2004-08-05 11:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2)(2).dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2).dll 2008-04-14 02:33 551,936 --sha-w C:\WINDOWS\system32\oleaut32.dll 2008-04-14 02:33 84,992 --sha-w C:\WINDOWS\system32\olepro32.dll 2008-04-14 02:33 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll .

julia_*** · Answer

désolé , ca a pris beaucoup de temps . L'ordinateur es t tres lent !

Destrio5 · Answer

Ok, par contre, le rapport n'est pas complet. Peux-tu me l'envoyer sur destrio5@free.fr ?

julia_*** · Answer

ComboFix 08-10-02.04 - LOMBARD CAZAC 2008-10-03 18:10:59.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.155 [GMT 2:00] Lancé depuis: C:\DOCUME~1\LOMBAR~1\LOCALS~1\Temp\QZTEMP\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\GamesBar\oberontb.dll C:\WINDOWS\BMdb9784dc.txt C:\WINDOWS\BMdb9784dc.xml C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\hosts C:\WINDOWS\pskt.ini C:\WINDOWS\system32\byXrsroo.dll C:\WINDOWS\system32\efcAPFwT.dll C:\WINDOWS\system32\fccaBtqR.dll C:\WINDOWS\system32\geBqNGxv.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\TwFPAcfe.ini C:\WINDOWS\system32\TwFPAcfe.ini2 C:\WINDOWS\system32\wvUkIXpn.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Legacy_MCHINJDRV -------\Service_Boonty Games ((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))) . 2008-10-03 18:28 . 2008-10-03 18:30 22 --a------ C:\WINDOWS\pskt.ini 2008-10-03 18:28 . 2008-10-03 18:29 0 --a------ C:\WINDOWS\BMdb9784dc.xml 2008-10-03 17:18 . 2008-10-03 17:18 d-------- C:\Program Files\Trend Micro 2008-10-03 16:17 . 2008-10-03 16:17 123,904 --a------ C:\WINDOWS\system32 hxrilya.dll 2008-10-03 16:17 . 2008-10-03 16:17 123,904 --a------ C:\WINDOWS\system32 wpsla.dll 2008-10-03 16:14 . 2008-10-03 18:29 1,014,710 ---hs---- C:\WINDOWS\system32\idrmbbcl.ini 2008-10-03 16:14 . 2008-10-03 16:14 101,888 --a------ C:\WINDOWS\system32\gjgppymg.dll 2008-10-03 16:14 . 2008-10-03 16:14 71,168 --a------ C:\WINDOWS\system32\lcbbmrdi.dll 2008-10-03 12:58 . 2008-10-03 12:59 1,021,891 ---hs---- C:\WINDOWS\system32\qlykwqqh.ini 2008-10-03 12:58 . 2008-10-03 12:58 71,168 --a------ C:\WINDOWS\system32\hqqwkylq.dll 2008-10-03 12:55 . 2008-10-03 12:55 123,904 --a------ C:\WINDOWS\system32 cftfe.dll 2008-10-03 12:55 . 2008-10-03 12:55 123,904 --a------ C:\WINDOWS\system32\iqeffmxd.dll 2008-10-03 12:52 . 2008-10-03 12:52 101,888 --a------ C:\WINDOWS\system32\eqjoksxi.dll 2008-10-02 13:34 . 2008-10-03 17:26 d-------- C:\Program Files\a-squared Anti-Malware 2008-10-02 12:56 . 2008-10-02 13:23 d-------- C:\Program Files\Navilog1 2008-10-02 12:56 . 2008-10-02 13:07 952,041 ---hs---- C:\WINDOWS\system32 ivmlpon.ini 2008-10-02 12:56 . 2008-10-02 12:56 71,168 --a------ C:\WINDOWS\system32 oplmvit.dll 2008-10-02 12:54 . 2008-10-02 12:54 123,904 --a------ C:\WINDOWS\system32\wsgpiewi.dll 2008-10-02 12:54 . 2008-10-02 12:54 123,904 --a------ C:\WINDOWS\system32\ilqupz.dll 2008-10-02 12:53 . 2008-10-02 12:53 101,888 --a------ C:\WINDOWS\system32\alobgbik.dll 2008-10-01 10:05 . 2008-10-01 10:05 123,904 --a------ C:\WINDOWS\system32\lazgyp.dll 2008-10-01 10:05 . 2008-10-01 10:05 123,904 --a------ C:\WINDOWS\system32\cbmasien.dll 2008-10-01 10:02 . 2008-10-02 12:55 932,821 ---hs---- C:\WINDOWS\system32\pwxuuyeb.ini 2008-10-01 10:01 . 2008-10-01 10:01 105,984 --a------ C:\WINDOWS\system32\qkjcgitm.dll 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZACtempupdate 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\D-Jix Media 2008-09-28 15:48 . 2008-09-29 11:14 d-------- C:\Program Files\jre 2008-09-28 15:46 . 2008-09-29 11:17 d-------- C:\Program Files\lib 2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll 2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\FloodLightGames 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-03 16:30 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Skype 2008-10-03 16:30 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OpenOffice.org2 2008-10-03 16:12 --------- d-----w C:\Program Files\GamesBar 2008-10-03 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar 2008-10-01 09:36 --------- d-----w C:\Program Files\eMule 2008-09-29 15:56 --------- d-----w C:\Program Files\LimeWire 2008-09-29 09:27 --------- d-----w C:\Program Files\DivX 2008-09-21 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-09-12 15:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-11 14:39 --------- d-----w C:\Program Files\FinePixViewer 2008-09-07 18:14 --------- d-----w C:\Program Files\Mah Jong Quest 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Flood Light Games 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-09-01 09:37 --------- d-----w C:\Program Files\Orange 2008-09-01 09:37 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-08-28 11:19 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OnlineStorage 2008-08-28 10:10 --------- d-----w C:\Program Files\mes données 2008-08-28 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix 2008-08-28 09:48 61,224 ----a-w C:\Documents and Settings\LOMBARD CAZAC\GoToAssistDownloadHelper.exe 2008-08-28 09:48 --------- d-----w C:\Program Files\Citrix 2008-08-24 08:59 --------- d-----w C:\Program Files\Java 2008-08-15 09:03 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-08-15 09:01 --------- d-----w C:\Program Files\Yahoo! 2008-08-12 14:35 --------- d-----w C:\Program Files\Picasa2 2008-08-12 10:12 4,130 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-07 12:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2007-09-26 10:18 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe 2006-03-31 14:03 51,911,784 -c--a-w C:\Program Files\CorelPhotoAlbum_TryBuy_FR.exe 2006-03-19 15:22 4,464,128 -c--a-w C:\Program Files\b1cd_frx.exe 2006-01-20 16:10 343,552 -c--a-w C:\Documents and Settings\LOMBARD CAZAC emote.exe 2006-01-20 15:50 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2005-12-17 15:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-03-31 14:35 56 --sh--r C:\WINDOWS\system32\34E61E5BE0.sys 2008-04-14 02:33 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll 2008-04-14 02:33 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2007-01-10 16:51 8 --sh--r C:\WINDOWS\system32\E05B1EE634.sys 2008-04-14 02:33 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2004-08-05 11:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 2008-04-14 02:33 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2008-04-14 02:33 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2004-08-05 11:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2)(2).dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2).dll 2008-04-14 02:33 551,936 --sha-w C:\WINDOWS\system32\oleaut32.dll 2008-04-14 02:33 84,992 --sha-w C:\WINDOWS\system32\olepro32.dll 2008-04-14 02:33 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll .

julia_*** · Answer

Et je suis toujours aussi perdu avec ce virus...

julia_*** · Answer

Voila , je viens de me rendre compte que le rapport était totalement incomplet , alors j'en ais fait un autre : ComboFix 08-10-03.05 - LOMBARD CAZAC 2008-10-04 12:05:02.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.163 [GMT 2:00] Lancé depuis: C:\DOCUME~1\LOMBAR~1\LOCALS~1\Temp\QZTEMP\ComboFix.exe * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMdb9784dc.txt C:\WINDOWS\BMdb9784dc.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\idrmbbcl.ini C:\WINDOWS\system32\pwxuuyeb.ini C:\WINDOWS\system32\qlykwqqh.ini C:\WINDOWS\system32 ivmlpon.ini . ---- Previous Run ------- . C:\Program Files\GamesBar\oberontb.dll C:\WINDOWS\BMdb9784dc.txt C:\WINDOWS\BMdb9784dc.xml C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\hosts C:\WINDOWS\pskt.ini C:\WINDOWS\system32\byXrsroo.dll C:\WINDOWS\system32\efcAPFwT.dll C:\WINDOWS\system32\fccaBtqR.dll C:\WINDOWS\system32\geBqNGxv.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\TwFPAcfe.ini C:\WINDOWS\system32\TwFPAcfe.ini2 C:\WINDOWS\system32\wvUkIXpn.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Legacy_MCHINJDRV -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 )))))))))))))))))))))))))))))))))))) . 2008-10-03 17:18 . 2008-10-03 17:18 d-------- C:\Program Files\Trend Micro 2008-10-03 16:17 . 2008-10-03 16:17 123,904 --a------ C:\WINDOWS\system32 hxrilya.dll 2008-10-03 16:17 . 2008-10-03 16:17 123,904 --a------ C:\WINDOWS\system32 wpsla.dll 2008-10-03 16:14 . 2008-10-03 16:14 101,888 --a------ C:\WINDOWS\system32\gjgppymg.dll 2008-10-03 16:14 . 2008-10-03 16:14 71,168 --a------ C:\WINDOWS\system32\lcbbmrdi.dll 2008-10-03 12:58 . 2008-10-03 12:58 71,168 --a------ C:\WINDOWS\system32\hqqwkylq.dll 2008-10-03 12:55 . 2008-10-03 12:55 123,904 --a------ C:\WINDOWS\system32 cftfe.dll 2008-10-03 12:55 . 2008-10-03 12:55 123,904 --a------ C:\WINDOWS\system32\iqeffmxd.dll 2008-10-03 12:52 . 2008-10-03 12:52 101,888 --a------ C:\WINDOWS\system32\eqjoksxi.0ll 2008-10-02 13:34 . 2008-10-03 17:26 d-------- C:\Program Files\a-squared Anti-Malware 2008-10-02 12:56 . 2008-10-02 13:23 d-------- C:\Program Files\Navilog1 2008-10-02 12:56 . 2008-10-02 12:56 71,168 --a------ C:\WINDOWS\system32 oplmvit.dll 2008-10-02 12:54 . 2008-10-02 12:54 123,904 --a------ C:\WINDOWS\system32\wsgpiewi.dll 2008-10-02 12:54 . 2008-10-02 12:54 123,904 --a------ C:\WINDOWS\system32\ilqupz.dll 2008-10-02 12:53 . 2008-10-02 12:53 101,888 --a------ C:\WINDOWS\system32\alobgbik.dll 2008-10-01 10:05 . 2008-10-01 10:05 123,904 --a------ C:\WINDOWS\system32\lazgyp.dll 2008-10-01 10:05 . 2008-10-01 10:05 123,904 --a------ C:\WINDOWS\system32\cbmasien.dll 2008-10-01 10:01 . 2008-10-01 10:01 105,984 --a------ C:\WINDOWS\system32\qkjcgitm.dll 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZACtempupdate 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\D-Jix Media 2008-09-28 15:48 . 2008-09-29 11:14 d-------- C:\Program Files\jre 2008-09-28 15:46 . 2008-09-29 11:17 d-------- C:\Program Files\lib 2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll 2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\FloodLightGames 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-04 09:33 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Skype 2008-10-04 00:57 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OpenOffice.org2 2008-10-03 16:12 --------- d-----w C:\Program Files\GamesBar 2008-10-03 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar 2008-10-01 09:36 --------- d-----w C:\Program Files\eMule 2008-09-29 15:56 --------- d-----w C:\Program Files\LimeWire 2008-09-29 09:27 --------- d-----w C:\Program Files\DivX 2008-09-21 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-09-12 15:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-11 14:39 --------- d-----w C:\Program Files\FinePixViewer 2008-09-07 18:14 --------- d-----w C:\Program Files\Mah Jong Quest 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Flood Light Games 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-09-01 09:37 --------- d-----w C:\Program Files\Orange 2008-09-01 09:37 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-08-28 11:19 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OnlineStorage 2008-08-28 10:10 --------- d-----w C:\Program Files\mes données 2008-08-28 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix 2008-08-28 09:48 61,224 ----a-w C:\Documents and Settings\LOMBARD CAZAC\GoToAssistDownloadHelper.exe 2008-08-28 09:48 --------- d-----w C:\Program Files\Citrix 2008-08-24 08:59 --------- d-----w C:\Program Files\Java 2008-08-15 09:03 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-08-15 09:01 --------- d-----w C:\Program Files\Yahoo! 2008-08-12 14:35 --------- d-----w C:\Program Files\Picasa2 2008-08-12 10:12 4,130 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-07 12:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2007-09-26 10:18 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe 2006-03-31 14:03 51,911,784 -c--a-w C:\Program Files\CorelPhotoAlbum_TryBuy_FR.exe 2006-03-19 15:22 4,464,128 -c--a-w C:\Program Files\b1cd_frx.exe 2006-01-20 16:10 343,552 -c--a-w C:\Documents and Settings\LOMBARD CAZAC emote.exe 2006-01-20 15:50 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2005-12-17 15:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-03-31 14:35 56 --sh--r C:\WINDOWS\system32\34E61E5BE0.sys 2008-04-14 02:33 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll 2008-04-14 02:33 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2007-01-10 16:51 8 --sh--r C:\WINDOWS\system32\E05B1EE634.sys 2008-04-14 02:33 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2004-08-05 11:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 2008-04-14 02:33 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2008-04-14 02:33 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2004-08-05 11:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2)(2).dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2).dll 2008-04-14 02:33 551,936 --sha-w C:\WINDOWS\system32\oleaut32.dll 2008-04-14 02:33 84,992 --sha-w C:\WINDOWS\system32\olepro32.dll 2008-04-14 02:33 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{612b16c4-163f-41f0-b0bc-68f260715b54}] 2008-10-03 16:17 123904 --a------ C:\WINDOWS\system32 wpsla.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 20058152] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WheelMouse"="C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe" [2003-10-13 184320] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 126976] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-10 106496] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-02-19 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048] "PCSuiteTrayApplication"="C:\Program Files\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232] "F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-04-23 182936] "F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-04-23 744032] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "d8a4b740"="C:\WINDOWS\system32\lcbbmrdi.dll" [2008-10-03 71168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] "PcSync"="C:\Program Files\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] C:\Documents and Settings\LOMBARD CAZAC\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-15 24576] dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-09-28 315392] Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2006-08-13 294912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\GoToAssist] 2008-08-28 11:48 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\IntelWireless] 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=nwpsla.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\usmt\migwiz.exe"= "C:\WINDOWS\system32\fxsclnt.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\StubInstaller.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-23 57824] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-23 47936] R3 Amps2prt;Trust 450LR Mouse Wireless Optical Office Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-09-26 9728] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-23 62048] S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040] S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 52416] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2008-04-23 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2008-04-23 25184] . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - BHO-{67C5CBB2-6E04-495B-838D-EF85E50B04E8} - C:\WINDOWS\system32\wvUkIXpn.dll BHO-{DF7B031E-288B-49A6-93DD-AECD30103A94} - C:\WINDOWS\system32\efcAPFwT.dll HKCU-Run-msnmsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-PcSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe HKLM-Run-Desksite CMA - C:\Program Files\desksite\bin\cma.exe HKLM-Run-BMdb9784dc - C:\WINDOWS\system32\eqjoksxi.dll ShellExecuteHooks-{67C5CBB2-6E04-495B-838D-EF85E50B04E8} - C:\WINDOWS\system32\wvUkIXpn.dll . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\LOMBARD CAZAC\Application Data\Mozilla\Firefox\Profiles\ov9cq4dp.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-04 12:09:46 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-04 12:11:53 ComboFix-quarantined-files.txt 2008-10-04 10:11:19 Avant-CF: 24,596,013,056 octets libres Après-CF: 24,600,768,512 octets libres 260 --- E O F --- 2008-09-10 11:05:16

Destrio5 · Answer

Je te fais un script.

Destrio5 · Answer

/!\ Seul julia_*** peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

File::
C:\WINDOWS\system32	hxrilya.dll 
C:\WINDOWS\system32
wpsla.dll 
C:\WINDOWS\system32\gjgppymg.dll 
C:\WINDOWS\system32\lcbbmrdi.dll 
C:\WINDOWS\system32\hqqwkylq.dll 
C:\WINDOWS\system32
cftfe.dll 
C:\WINDOWS\system32\iqeffmxd.dll 
C:\WINDOWS\system32\eqjoksxi.0ll 
C:\WINDOWS\system32
oplmvit.dll 
C:\WINDOWS\system32\wsgpiewi.dll 
C:\WINDOWS\system32\ilqupz.dll 
C:\WINDOWS\system32\alobgbik.dll 
C:\WINDOWS\system32\lazgyp.dll 
C:\WINDOWS\system32\cbmasien.dll 
C:\WINDOWS\system32\qkjcgitm.dll 
C:\WINDOWS\system32
wpsla.dll 
C:\WINDOWS\system32\lcbbmrdi.dll

Folder::
C:\Program Files\Navilog1 
C:\Program Files\GamesBar 
C:\Documents and Settings\All Users\Application Data\GamesBar 

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{612b16c4-163f-41f0-b0bc-68f260715b54}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"SunJavaUpdateSched"=-
"ISUSScheduler"=-
"ISUSPM Startup"=-
"TkBellExe"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"d8a4b740"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=-





---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt

julia_*** · Answer

ComboFix 08-10-03.06 - LOMBARD CAZAC 2008-10-04 14:20:49.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.247 [GMT 2:00] Lancé depuis: C:\Documents and Settings\LOMBARD CAZAC\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\LOMBARD CAZAC\Bureau\CFscript.txt * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] FILE :: C:\WINDOWS\system32\alobgbik.dll C:\WINDOWS\system32\cbmasien.dll C:\WINDOWS\system32\eqjoksxi.0ll C:\WINDOWS\system32\gjgppymg.dll C:\WINDOWS\system32\hqqwkylq.dll C:\WINDOWS\system32\ilqupz.dll C:\WINDOWS\system32\iqeffmxd.dll C:\WINDOWS\system32\lazgyp.dll C:\WINDOWS\system32\lcbbmrdi.dll C:\WINDOWS\system32\ncftfe.dll C:\WINDOWS\system32\noplmvit.dll C:\WINDOWS\system32\nwpsla.dll C:\WINDOWS\system32\qkjcgitm.dll C:\WINDOWS\system32\thxrilya.dll C:\WINDOWS\system32\wsgpiewi.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\GamesBar C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21.xm_ C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\about.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\action.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\arcade.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\around_the_world_in_80_days16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\big_city_adventure_sydney16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\buy.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\cards.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\chocolatier216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\deals.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\death_nile16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\download.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\dream_day_first_home16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\farm_frenzy_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\feedback.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\help.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\highlight.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\jewel_match_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\jigsaw.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\kids.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\magic_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\MagiciansHandbook16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\mahjong.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\MahjongChina16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\mygames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\newGames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\notFound.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\partner.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\popup_off.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\popup_on.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\puzzle.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\ranch_rush16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\riseAtlantis16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\saqqarah16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\search.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\sendafriend.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\sports.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\the_great_chocolate_chase16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\trial.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\uninstall.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\update.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-20-16-33-21\virtual_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25.xm_ C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\about.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\action.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\arcade.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\around_the_world_in_80_days16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\big_city_adventure_sydney16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\buy.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\cards.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\chocolatier216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\deals.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\death_nile16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\download.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\dream_day_first_home16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\farm_frenzy_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\feedback.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\help.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\highlight.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\jewel_match_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\jigsaw.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\kids.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\magic_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\MagiciansHandbook16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\mahjong.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\MahjongChina16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\mygames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\newGames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\notFound.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\partner.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\popup_off.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\popup_on.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\puzzle.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\ranch_rush16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\riseAtlantis16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\saqqarah16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\search.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\sendafriend.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\sports.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\the_great_chocolate_chase16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\trial.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\uninstall.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\update.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-09-27-23-20-25\virtual_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40.xm_ C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\about.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\around_the_world_in_80_days16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\big_city_adventure_sydney16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\chocolatier216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\death_nile16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\download.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\dream_day_first_home16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\farm_frenzy_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\feedback.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\help.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\highlight.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\jewel_match_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\magic_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\MagiciansHandbook16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\MahjongChina16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\newGames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\partner.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\popup_off.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\popup_on.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\ranch_rush16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\saqqarah16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\search.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\sendafriend.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\the_great_chocolate_chase16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\uninstall.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\update.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-08-40\virtual_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29.xm_ C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\about.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\action.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\arcade.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\around_the_world_in_80_days16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\big_city_adventure_sydney16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\buy.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\cards.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\chocolatier216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\deals.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\death_nile16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\download.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\dream_day_first_home16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\farm_frenzy_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\feedback.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\help.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\highlight.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\jewel_match_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\jigsaw.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\kids.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\magic_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\MagiciansHandbook16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\mahjong.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\MahjongChina16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\mygames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\newGames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\notFound.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\partner.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\popup_off.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\popup_on.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\puzzle.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\ranch_rush16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\riseAtlantis16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\saqqarah16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\search.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\sendafriend.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\sports.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\the_great_chocolate_chase16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\trial.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\uninstall.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\update.gif C:\Documents and Settings\All Users\Application Data\GamesBar\[u]0[/u]8-10-02-12-11-29\virtual_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\about.gif C:\Documents and Settings\All Users\Application Data\GamesBar\action.gif C:\Documents and Settings\All Users\Application Data\GamesBar\arcade.gif C:\Documents and Settings\All Users\Application Data\GamesBar\around_the_world_in_80_days16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\big_city_adventure_sydney16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\buy.gif C:\Documents and Settings\All Users\Application Data\GamesBar\cards.gif C:\Documents and Settings\All Users\Application Data\GamesBar\chocolatier216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\deals.gif C:\Documents and Settings\All Users\Application Data\GamesBar\death_nile16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\download.gif C:\Documents and Settings\All Users\Application Data\GamesBar\dream_day_first_home16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\farm_frenzy_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\feedback.gif C:\Documents and Settings\All Users\Application Data\GamesBar\help.gif C:\Documents and Settings\All Users\Application Data\GamesBar\highlight.gif C:\Documents and Settings\All Users\Application Data\GamesBar\jewel_match_216x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\jigsaw.gif C:\Documents and Settings\All Users\Application Data\GamesBar\kids.gif C:\Documents and Settings\All Users\Application Data\GamesBar\magic_farm16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\MagiciansHandbook16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\mahjong.gif C:\Documents and Settings\All Users\Application Data\GamesBar\MahjongChina16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\mygames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\newGames.gif C:\Documents and Settings\All Users\Application Data\GamesBar\notFound.gif C:\Documents and Settings\All Users\Application Data\GamesBar\oberonconfig.xm_ C:\Documents and Settings\All Users\Application Data\GamesBar\obSearchHistory.dat C:\Documents and Settings\All Users\Application Data\GamesBar\partner.gif C:\Documents and Settings\All Users\Application Data\GamesBar\popup_off.gif C:\Documents and Settings\All Users\Application Data\GamesBar\popup_on.gif C:\Documents and Settings\All Users\Application Data\GamesBar\puzzle.gif C:\Documents and Settings\All Users\Application Data\GamesBar\ranch_rush16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\riseAtlantis16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\saqqarah16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\search.gif C:\Documents and Settings\All Users\Application Data\GamesBar\sendafriend.gif C:\Documents and Settings\All Users\Application Data\GamesBar\sports.gif C:\Documents and Settings\All Users\Application Data\GamesBar\the_great_chocolate_chase16x16.gif C:\Documents and Settings\All Users\Application Data\GamesBar\trial.gif C:\Documents and Settings\All Users\Application Data\GamesBar\uninstall.gif C:\Documents and Settings\All Users\Application Data\GamesBar\update.gif C:\Documents and Settings\All Users\Application Data\GamesBar\virtual_farm16x16.gif C:\Program Files\GamesBar C:\Program Files\GamesBar\Localization-French.ini C:\Program Files\GamesBar\OBGet.exe C:\Program Files\GamesBar\uninst.exe C:\Program Files\Navilog1 C:\Program Files\Navilog1\fsblb.txt C:\Program Files\Navilog1\traitement.vbs C:\WINDOWS\system32\alobgbik.dll C:\WINDOWS\system32\cbmasien.dll C:\WINDOWS\system32\eqjoksxi.0ll C:\WINDOWS\system32\gjgppymg.dll C:\WINDOWS\system32\hqqwkylq.dll C:\WINDOWS\system32\ilqupz.dll C:\WINDOWS\system32\iqeffmxd.dll C:\WINDOWS\system32\lazgyp.dll C:\WINDOWS\system32\lcbbmrdi.dll C:\WINDOWS\system32\ncftfe.dll C:\WINDOWS\system32\noplmvit.dll C:\WINDOWS\system32\nwpsla.dll C:\WINDOWS\system32\qkjcgitm.dll C:\WINDOWS\system32\thxrilya.dll C:\WINDOWS\system32\wsgpiewi.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 )))))))))))))))))))))))))))))))))))) . 2008-10-03 17:18 . 2008-10-03 17:18 d-------- C:\Program Files\Trend Micro 2008-10-02 13:34 . 2008-10-03 17:26 d-------- C:\Program Files\a-squared Anti-Malware 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZACtempupdate 2008-09-28 15:49 . 2008-09-28 15:49 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\D-Jix Media 2008-09-28 15:48 . 2008-09-29 11:14 d-------- C:\Program Files\jre 2008-09-28 15:46 . 2008-09-29 11:17 d-------- C:\Program Files\lib 2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll 2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\LOMBARD CAZAC\Application Data\FloodLightGames 2008-09-12 15:03 . 2008-09-12 15:03 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-04 12:29 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Skype 2008-10-04 12:29 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OpenOffice.org2 2008-10-01 09:36 --------- d-----w C:\Program Files\eMule 2008-09-29 15:56 --------- d-----w C:\Program Files\LimeWire 2008-09-29 09:27 --------- d-----w C:\Program Files\DivX 2008-09-21 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-09-12 15:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-11 14:39 --------- d-----w C:\Program Files\FinePixViewer 2008-09-07 18:14 --------- d-----w C:\Program Files\Mah Jong Quest 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\Flood Light Games 2008-09-01 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-09-01 09:37 --------- d-----w C:\Program Files\Orange 2008-09-01 09:37 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-08-28 11:19 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\OnlineStorage 2008-08-28 10:10 --------- d-----w C:\Program Files\mes données 2008-08-28 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix 2008-08-28 09:48 61,224 ----a-w C:\Documents and Settings\LOMBARD CAZAC\GoToAssistDownloadHelper.exe 2008-08-28 09:48 --------- d-----w C:\Program Files\Citrix 2008-08-24 08:59 --------- d-----w C:\Program Files\Java 2008-08-15 09:03 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\LOMBARD CAZAC\Application Data\AOL 2008-08-15 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-08-15 09:01 --------- d-----w C:\Program Files\Yahoo! 2008-08-12 14:35 --------- d-----w C:\Program Files\Picasa2 2008-08-12 10:12 4,130 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-07 12:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2007-09-26 10:18 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe 2006-03-31 14:03 51,911,784 -c--a-w C:\Program Files\CorelPhotoAlbum_TryBuy_FR.exe 2006-03-19 15:22 4,464,128 -c--a-w C:\Program Files\b1cd_frx.exe 2006-01-20 16:10 343,552 -c--a-w C:\Documents and Settings\LOMBARD CAZAC\remote.exe 2006-01-20 15:50 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2005-12-17 15:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-03-31 14:35 56 --sh--r C:\WINDOWS\system32\34E61E5BE0.sys 2008-04-14 02:33 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll 2008-04-14 02:33 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2007-01-10 16:51 8 --sh--r C:\WINDOWS\system32\E05B1EE634.sys 2008-04-14 02:33 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2004-08-05 11:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 2008-04-14 02:33 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2008-04-14 02:33 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2004-08-05 11:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2)(2).dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32(2)(2)(2).dll 2008-04-14 02:33 551,936 --sha-w C:\WINDOWS\system32\oleaut32.dll 2008-04-14 02:33 84,992 --sha-w C:\WINDOWS\system32\olepro32.dll 2008-04-14 02:33 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 20058152] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WheelMouse"="C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe" [2003-10-13 184320] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 126976] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-10 106496] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048] "PCSuiteTrayApplication"="C:\Program Files\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232] "F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-04-23 182936] "F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-04-23 744032] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] "PcSync"="C:\Program Files\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] C:\Documents and Settings\LOMBARD CAZAC\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-15 24576] dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-09-28 315392] Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2006-08-13 294912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-08-28 11:48 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\usmt\migwiz.exe"= "C:\WINDOWS\system32\fxsclnt.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\StubInstaller.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-23 57824] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-23 47936] R3 Amps2prt;Trust 450LR Mouse Wireless Optical Office Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-09-26 9728] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-23 62048] S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040] S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 52416] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2008-04-23 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2008-04-23 25184] . Contenu du dossier 'Tâches planifiées' 2008-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2005-09-21 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job - C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:34] 2008-10-04 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\Orange\ANTIVI~1\ANTI-V~1\fsav.exe [2008-04-23 18:11] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-04 14:26:00 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\Inventel\Gateway\WLANCFG.EXE C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe C:\Program Files\Orange\AntivirusFirewall\FWES\program\fsdfwd.exe C:\PROGRA~1\Orange\ANTIVI~1\Common\FSM32.EXE C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.bin C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe . ************************************************************************** . Heure de fin: 2008-10-04 14:38:05 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-04 12:37:56 ComboFix2.txt 2008-10-04 10:11:54 Avant-CF: 24 573 771 776 octets libres Après-CF: 24,576,151,552 octets libres 468 --- E O F --- 2008-09-10 11:05:16

Destrio5 · Answer

---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

julia_*** · Answer

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1227
Windows 5.1.2600 Service Pack 3

04/10/2008 14:58:17
mbam-log-2008-10-04 (14-58-17).txt

Type de recherche: Examen rapide
Eléments examinés: 50500
Temps écoulé: 5 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout

---> Poste un nouveau rapport HijackThis

julia_*** · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:19, on 04/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://butterfly83ju.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

julia_*** · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:19, on 04/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://butterfly83ju.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Destrio5 · Answer

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')     

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')     

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')     

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')     

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un dernier rapport HijackThis

As-tu encore des problèmes ?

julia_*** · Answer

rois que le problème est résolu ! Je te remercie beaucoup !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:33, on 04/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\450LRM~1\Amoumain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://butterfly83ju.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Destrio5 · Answer

Pour finir :

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Télécharge Tools Cleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Clique sur Recherche et laisse le scan agir.
Clique sur Suppression pour finaliser. 
Tu peux, si tu le souhaites, te servir des Options facultatives.
Clique sur Quitter pour obtenir le rapport. 
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

julia_*** · Answer

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\Qoobox: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\QooBox\Quarantine\C\Program Files\Navilog1: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

julia_*** · Answer

En tt cas merci pour tt ! Ca marche nickel maintenant !

Destrio5 · Answer

Bonne journée ;)

Comment éliminer un virus troyen rapidement ?

29 réponses

Discussions similaires

Newsletters