Sujet Précédent Sujet Suivant

Infectè par quelque chose

Résolu/Fermé
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 - 13 oct. 2008 à 20:22
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 - 16 oct. 2008 à 16:40
Bonjour,
depuis ce matin mon pc rame a fond il mets du temps a ouvrir des pages et maintenant il n ouvre plus les raccourcis de mon bureau comme ccleaner ou spybot dites moi ce que je peux faire merci

85 réponses

Précédent
Réponse 21 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
13 oct. 2008 à 23:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:47, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\DOCUME~1\SPINOU~1\APPLIC~1\logman.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\SPINOU~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://frgoldenriviera.microgaming.com/frgoldenriviera/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 22 / 85
Utilisateur anonyme
14 oct. 2008 à 00:01
réouvre hijackthis
fais scan only
coches ces lignes :


O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)


O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://frgoldenriviera.microgaming.com/frgoldenriviera/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab


tu les coches et tu clic sur fix checked


ensuite supprime hijackthis


puis désinstal et réinstal antivir


ensuite :


Désactive et réactive ta restauration system :

(1) Désactiver la Restauration du système

cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Coches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.


(2) Activer la Restauration du système


cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Décoches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.


Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924


et reviens nous donner des nouvelles
0
Réponse 23 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 00:03
ok je fais tout ca et demain je te donne des nouvelles je te remercie beaucoup
0
Réponse 24 / 85
Utilisateur anonyme
14 oct. 2008 à 00:04
ok martine pas de soucis

bonne nuit
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 12:22
bonjour donc j ai bien fais tout sauf que je ne trouve pas antivir pour le desinstaller il est nul part alors que je lai car kan je ve le reinstaller il me dise que je l ai deja mais ou se cache t il?j ai essayè avec recherche rien trouvè!!!
0
Réponse 26 / 85
Utilisateur anonyme
14 oct. 2008 à 12:25
panneau de configuration
ajout et suppression de programme

regarde si il y a Antivir ou Avira
0
Réponse 27 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 12:25
non ya rien du tout justement
0
Réponse 28 / 85
Utilisateur anonyme
14 oct. 2008 à 12:28
refais un scan hijackthis et post le rapport stp
0
Réponse 29 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 12:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:55, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\DOCUME~1\SPINOU~1\APPLIC~1\dllhst3g.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\DOCUME~1\SPINOU~1\LOCALS~1\Temp\logman.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\SPINOU~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://frgoldenriviera.microgaming.com/frgoldenriviera/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 30 / 85
Utilisateur anonyme
14 oct. 2008 à 12:33
on va s occuper de antivir apres cette opération :


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.



Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)


-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
Réponse 31 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 12:54
ComboFix 08-10-12.01 - spinouze martine 2008-10-14 12:38:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.240 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\spinouze martine\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\spinouze martine\Application Data\dllhst3g.exe
C:\Documents and Settings\spinouze martine\Application Data\inst.exe
C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.

2008-10-14 07:34 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\dllhst3g.exe
2008-10-13 23:44 . 2008-10-13 23:44 <REP> d-------- C:\_OTMoveIt
2008-10-13 22:51 . 2008-10-13 23:30 <REP> d-------- C:\Program Files\FindyKill
2008-10-13 21:36 . 2008-10-08 14:03 81,920 --a------ C:\Documents and Settings\spinouze martine\Application Data\logman.exe
2008-10-13 20:12 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\ieudinit.exe
2008-10-13 15:30 . 2008-10-13 19:33 15,970 --a------ C:\WINDOWS\system32\ban_list.MSNFix
2008-10-12 21:45 . 2008-10-14 00:18 <REP> d-------- C:\Documents and Settings\spinouze martine\Application Data\Avira
2008-10-12 17:23 . 2008-10-12 17:40 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-09 11:39 . 2008-10-09 11:39 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents
2008-10-08 22:03 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 14:03 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\system32\drivers\comrepl.exe
2008-10-08 14:03 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\system\sessmgr.exe
2008-10-08 14:03 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\system\clipsrv.exe
2008-10-08 11:43 . 2008-10-08 11:43 <REP> d-------- C:\Documents and Settings\spinouze martine\Application Data\RM Royal Media Ltd
2008-09-29 19:14 . 2008-09-29 19:14 <REP> d-------- C:\Documents and Settings\spinouze martine\Application Data\Spyware Terminator
2008-09-29 19:14 . 2008-09-29 19:14 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-09-23 14:54 . 2008-10-12 21:32 <REP> d-------- C:\Program Files\Avira
2008-09-23 14:54 . 2008-10-14 00:18 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-09-23 10:59 . 2008-09-23 10:59 <REP> d-------- C:\CaffeLatte

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 06:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-13 20:21 --------- d-----w C:\Program Files\eMule
2008-10-13 13:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-13 13:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 08:19 --------- d-----w C:\Documents and Settings\spinouze martine\Application Data\uTorrent
2008-10-09 11:17 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-09 06:57 --------- d-----w C:\Program Files\Lx_cats
2008-10-08 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-08 09:13 --------- d-----w C:\Documents and Settings\spinouze martine\Application Data\OpenOffice.org2
2008-10-03 10:11 --------- d-----w C:\Program Files\Picasa2
2008-09-29 17:14 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-29 12:04 --------- d-----w C:\Program Files\QuickTime
2008-09-29 12:01 --------- d-----w C:\Program Files\MediaCoder
2008-09-17 17:36 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-16 17:25 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-16 17:25 --------- d-----w C:\Program Files\DivX
2008-09-12 16:00 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-11 18:31 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-11 08:15 --------- d-----w C:\Program Files\Iminent
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 09:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-03 09:13 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-01 20:09 --------- d-----w C:\Documents and Settings\spinouze martine\Application Data\Apple Computer
2008-09-01 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-09-01 09:17 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-09-01 09:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-08-31 13:25 --------- d-----w C:\Program Files\uTorrent
2008-08-31 13:25 --------- d-----w C:\Program Files\PIXELA
2008-07-23 16:47 634,880 ----a-w C:\WINDOWS\system32\nsh25.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-09 19:44 47,360 ----a-w C:\Documents and Settings\spinouze martine\Application Data\pcouffin.sys
2008-04-29 08:47 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-04-23 16:40 836 ----a-w C:\Documents and Settings\spinouze martine\Application Data\ViewerApp.dat
2007-06-22 13:49 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-10-10 18:11 81,920 -c--a-w C:\Documents and Settings\Mme Spinouze\Application Data\ezpinst.exe
2006-10-10 18:11 47,360 -c--a-w C:\Documents and Settings\Mme Spinouze\Application Data\pcouffin.sys
2006-06-01 18:14 54 -c--a-w C:\Program Files\delir.gio
2006-01-20 19:20 518 -c--a-w C:\Program Files\Raccourci (2) vers Internet Explorer.lnk
2006-01-20 13:22 518 ----a-w C:\Program Files\Raccourci vers Internet Explorer.lnk
1999-04-30 15:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2007-06-29 19:24 23 --sha-w C:\WINDOWS\system32\bbbccfb2_r.dll
2007-04-29 17:51 5 --sha-w C:\WINDOWS\system32\ecbcffda_s.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-02-12 847880]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-10-13 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-10-13 266497]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 69632]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ClipSrv"="C:\WINDOWS\System\clipsrv.exe" [2008-10-08 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Cisvc"="C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe" [2008-10-08 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^spinouze martine^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\spinouze martine\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmmiyq
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-08 01:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2004-09-17 15:24 61440 C:\Program Files\Lexmark 6200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2004-09-22 12:18 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-07-11 17:09 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a------ 2008-10-08 14:03 81920 C:\DOCUME~1\SPINOU~1\APPLIC~1\logman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
--a------ 2004-09-22 12:45 188416 C:\Program Files\Lexmark 6200 Series\lxbumon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-07-28 15:19 4841472 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-07-28 15:19 49152 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 03:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2007-05-10 17:58 344064 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a------ 2007-05-12 12:19 270336 C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-07-28 15:19 852038 C:\WINDOWS\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\lxbucoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Web Server

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-09-10 17200]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-10 110256]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-08-10 12212864]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-11 355584]
S4 AVEService;Service d'assistance Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-09-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-14 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

2008-10-14 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Explorer_Run-DllHst - C:\DOCUME~1\SPINOU~1\APPLIC~1\dllhst3g.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
MSConfigStartUp-Philips Intelligent Agent - C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
MSConfigStartUp-SpywareTerminator - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-TrojanScanner - C:\Program Files\Trojan Remover\Trjscan.exe
MSConfigStartUp-WinVNC - C:\Program Files\UltraVNC\WinVNC.exe
MSConfigStartUp-emule inc - emule.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\spinouze martine\Application Data\Mozilla\Firefox\Profiles\a25h6p2t.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.iminent.com/?euid=lWXhr/Kd5FGGFCs5jArJ4vaReL3unxLNzyKxvjtWIFfhhxyO/k+c+BGw9d77pA8y&lcid=1036&ref=homepage
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 12:44:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-14 12:49:36
ComboFix-quarantined-files.txt 2008-10-14 10:49:01

Avant-CF: 21 407 162 368 octets libres
Après-CF: 21,676,449,792 octets libres

250 --- E O F --- 2008-09-10 06:40:02
0
Réponse 32 / 85
Utilisateur anonyme
14 oct. 2008 à 13:05
Copie le texte ci-dessous :

File::
C:\WINDOWS\dllhst3g.exe
C:\WINDOWS\system32\ban_list.MSNFix
C:\WINDOWS\system32\tmp.MSNFix
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

Folder::
C:\_OTMoveIt
C:\Program Files\FindyKill
C:\Program Files\Avira

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=-

Driver::
AntiVirMailService
antivirwebservice
AVEService




Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 33 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 13:36
ComboFix 08-10-12.01 - spinouze martine 2008-10-14 13:12:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.215 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\spinouze martine\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\spinouze martine\Bureau\CFScript.txt..txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\10132008_234427.log
C:\_OTMoveIt\MovedFiles\10132008_234427.res
C:\Program Files\Avira
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aebb.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aecore.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aeemu.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aegen.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aehelp.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aeheur.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aeoffice.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aepack.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aerdl.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aescn.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aescript.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\aevdf.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avadmin.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avconfig.cpl
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avconfig.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avconfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avconfig64.cpl
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvcr.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avevtlog.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avinet.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avipbb.inf
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avipc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailcr.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmcdlg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avnotify.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avpref.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avreg.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avrep.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwinll.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccev.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccevrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccgen.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccgenrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccgrdrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccguard.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\cclib.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\cclic.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\cclicrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccmainrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccmgrdrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccmguard.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccmsg.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccprofil.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccquamgr.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccquarc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccreporc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccreport.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccscanrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccsched.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccscherc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\cctpc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccupdate.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccupdrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccwgrd.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ccwgrdrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\fact.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\factrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aebb.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aecore.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aeemu.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aegen.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aehelp.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aeheur.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aeoffice.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aepack.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aerdl.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aescn.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aescript.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\aevdf.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\FAILSAFE\avrep.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\filelist.ini
C:\Program Files\Avira\AntiVir PersonalEdition Premium\guardevt.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\guardgui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\guardmsg.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\licmgr.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\licmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\luke.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\lukeres.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\mfc71u.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\mgrs.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\msgclient.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\msvcp71.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\msvcr71.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\netnt.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\preupd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\product.ini
C:\Program Files\Avira\AntiVir PersonalEdition Premium\rchelp.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\rcimage.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\rctext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\rscdwld.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\rscdwrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\scewxml.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\schedr.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\setup.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\setup.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\smtplib.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sporder.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sqlite3.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\ssmdrv.inf
C:\Program Files\Avira\AntiVir PersonalEdition Premium\unacev2.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\update.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\updgui.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\updguirc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\updlib.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\updlibrc.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\webcat.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\wksstats.dll
C:\Program Files\Avira\AntiVir PersonalEdition Premium\wsctool.exe
C:\Program Files\Avira\Avira Premium Security Suite\about.htm
C:\Program Files\Avira\Avira Premium Security Suite\aeset.dat
C:\Program Files\Avira\Avira Premium Security Suite\alldiscs.avp
C:\Program Files\Avira\Avira Premium Security Suite\alldrives.avp
C:\Program Files\Avira\Avira Premium Security Suite\antivir.oem
C:\Program Files\Avira\Avira Premium Security Suite\antivir0.vdf
C:\Program Files\Avira\Avira Premium Security Suite\antivir1.vdf
C:\Program Files\Avira\Avira Premium Security Suite\antivir2.vdf
C:\Program Files\Avira\Avira Premium Security Suite\antivir3.vdf
C:\Program Files\Avira\Avira Premium Security Suite\avwin.chm
C:\Program Files\Avira\Avira Premium Security Suite\build.dat
C:\Program Files\Avira\Avira Premium Security Suite\ccplg.xml
C:\Program Files\Avira\Avira Premium Security Suite\common_msg.avr
C:\Program Files\Avira\Avira Premium Security Suite\eula.txt
C:\Program Files\Avira\Avira Premium Security Suite\FAILSAFE\aeset.dat
C:\Program Files\Avira\Avira Premium Security Suite\FAILSAFE\antivir0.vdf
C:\Program Files\Avira\Avira Premium Security Suite\FAILSAFE\antivir1.vdf
C:\Program Files\Avira\Avira Premium Security Suite\FAILSAFE\antivir2.vdf
C:\Program Files\Avira\Avira Premium Security Suite\FAILSAFE\antivir3.vdf
C:\Program Files\Avira\Avira Premium Security Suite\global_words.db
C:\Program Files\Avira\Avira Premium Security Suite\inetset.bin
C:\Program Files\Avira\Avira Premium Security Suite\InstallationInfs
C:\Program Files\Avira\Avira Premium Security Suite\KProcessHlpr_556.txt
C:\Program Files\Avira\Avira Premium Security Suite\mydocs.avp
C:\Program Files\Avira\Avira Premium Security Suite\process.avp
C:\Program Files\Avira\Avira Premium Security Suite\prodinfo.dat
C:\Program Files\Avira\Avira Premium Security Suite\readme.txt
C:\Program Files\Avira\Avira Premium Security Suite\rmdiscs.avp
C:\Program Files\Avira\Avira Premium Security Suite\settings.db
C:\Program Files\Avira\Avira Premium Security Suite\setupprf.dat
C:\Program Files\Avira\Avira Premium Security Suite\sweb.zip
C:\Program Files\Avira\Avira Premium Security Suite\sysdir.avp
C:\Program Files\Avira\Avira Premium Security Suite\sysscan.avp
C:\Program Files\Avira\Avira Premium Security Suite\update_msg.avr
C:\Program Files\Avira\Avira Premium Security Suite\webcat.dat
C:\Program Files\Avira\Avira Premium Security Suite\weblink.url
C:\Program Files\Avira\Avira Premium Security Suite\wgrd403.htm
C:\Program Files\Avira\Avira Premium Security Suite\wgrd403b.htm
C:\Program Files\Avira\Avira Premium Security Suite\wgrd403p.htm
C:\Program Files\Avira\Avira Premium Security Suite\wgrdftl.dat
C:\Program Files\FindyKill
C:\Program Files\FindyKill\FindyKill.cmd
C:\Program Files\FindyKill\FixReg\FixSrosa.reg
C:\Program Files\FindyKill\FixReg\Limpia
C:\Program Files\FindyKill\FixReg\Limpia.reg
C:\Program Files\FindyKill\FixReg\Mse.reg
C:\Program Files\FindyKill\FixReg\Repair.reg
C:\Program Files\FindyKill\FixReg\Wvista.reg
C:\Program Files\FindyKill\FixReg\Wxp.reg
C:\Program Files\FindyKill\Tools\hldrrr.exe
C:\Program Files\FindyKill\Tools\Icone.ico
C:\Program Files\FindyKill\Tools\mdelk.exe
C:\Program Files\FindyKill\Tools\swreg.exe
C:\Program Files\FindyKill\Tools\wintems.exe
C:\Program Files\FindyKill\Uninstal.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIVIRMAILSERVICE
-------\Legacy_ANTIVIRWEBSERVICE
-------\Legacy_AVESERVICE
-------\Service_AntiVirMailService
-------\Service_antivirwebservice
-------\Service_AVEService


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.

2008-10-14 13:20 . 2008-10-14 13:20 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-10-14 13:20 . 2008-10-08 14:03 81,920 --a------ C:\Documents and Settings\spinouze martine\Application Data\mstsc.exe
2008-10-14 07:34 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\dllhst3g.exe
2008-10-13 21:36 . 2008-10-08 14:03 81,920 --a------ C:\Documents and Settings\spinouze martine\Application Data\logman.exe
2008-10-13 20:12 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\ieudinit.exe
2008-10-13 15:30 . 2008-10-13 19:33 15,970 --a------ C:\WINDOWS\system32\ban_list.MSNFix
2008-10-12 21:45 . 2008-10-14 00:18 <REP> d-------- C:\Documents and Settings\spinouze martine\Application Data\Avira
2008-10-12 17:23 . 2008-10-12 17:40 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-09 11:39 . 2008-10-09 11:39 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents
2008-10-08 22:03 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 14:03 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\system32\drivers\comrepl.exe
2008-10-08 14:03 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\system\sessmgr.exe
2008-10-08 14:03 . 2008-10-08 14:03 81,920 --a------ C:\WINDOWS\system\clipsrv.exe
2008-10-08 11:43 . 2008-10-08 11:43 <REP> d-------- C:\Documents and Settings\spinouze martine\Application Data\RM Royal Media Ltd
2008-09-29 19:14 . 2008-09-29 19:14 <REP> d-------- C:\Documents and Settings\spinouze martine\Application Data\Spyware Terminator
2008-09-29 19:14 . 2008-09-29 19:14 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-09-23 14:54 . 2008-10-14 00:18 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-09-23 10:59 . 2008-09-23 10:59 <REP> d-------- C:\CaffeLatte

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 06:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-13 20:21 --------- d-----w C:\Program Files\eMule
2008-10-13 13:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-13 13:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 08:19 --------- d-----w C:\Documents and Settings\spinouze martine\Application Data\uTorrent
2008-10-09 11:17 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-09 06:57 --------- d-----w C:\Program Files\Lx_cats
2008-10-08 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-08 09:13 --------- d-----w C:\Documents and Settings\spinouze martine\Application Data\OpenOffice.org2
2008-10-03 10:11 --------- d-----w C:\Program Files\Picasa2
2008-09-29 17:14 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-29 12:04 --------- d-----w C:\Program Files\QuickTime
2008-09-29 12:01 --------- d-----w C:\Program Files\MediaCoder
2008-09-17 17:36 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-16 17:25 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-16 17:25 --------- d-----w C:\Program Files\DivX
2008-09-12 16:00 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-11 08:15 --------- d-----w C:\Program Files\Iminent
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 09:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-03 09:13 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-01 20:09 --------- d-----w C:\Documents and Settings\spinouze martine\Application Data\Apple Computer
2008-09-01 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-09-01 09:17 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-09-01 09:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-08-31 13:25 --------- d-----w C:\Program Files\uTorrent
2008-08-31 13:25 --------- d-----w C:\Program Files\PIXELA
2008-07-09 19:44 47,360 ----a-w C:\Documents and Settings\spinouze martine\Application Data\pcouffin.sys
2008-04-29 08:47 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-04-23 16:40 836 ----a-w C:\Documents and Settings\spinouze martine\Application Data\ViewerApp.dat
2007-06-22 13:49 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-10-10 18:11 81,920 -c--a-w C:\Documents and Settings\Mme Spinouze\Application Data\ezpinst.exe
2006-10-10 18:11 47,360 -c--a-w C:\Documents and Settings\Mme Spinouze\Application Data\pcouffin.sys
2006-06-01 18:14 54 -c--a-w C:\Program Files\delir.gio
2006-01-20 19:20 518 -c--a-w C:\Program Files\Raccourci (2) vers Internet Explorer.lnk
2006-01-20 13:22 518 ----a-w C:\Program Files\Raccourci vers Internet Explorer.lnk
1999-04-30 15:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2007-06-29 19:24 23 --sha-w C:\WINDOWS\system32\bbbccfb2_r.dll
2007-04-29 17:51 5 --sha-w C:\WINDOWS\system32\ecbcffda_s.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-14_12.47.18,93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-02-12 847880]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-10-13 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DllHst"="C:\WINDOWS\dllhst3g.exe" [2008-10-08 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ClipSrv"="C:\WINDOWS\System\clipsrv.exe" [2008-10-08 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Cisvc"="C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe" [2008-10-08 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\DOCUME~1\SPINOU~1\APPLIC~1\mstsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^spinouze martine^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\spinouze martine\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmmiyq
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-08 01:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2004-09-17 15:24 61440 C:\Program Files\Lexmark 6200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2004-09-22 12:18 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-07-11 17:09 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a------ 2008-10-08 14:03 81920 C:\DOCUME~1\SPINOU~1\APPLIC~1\logman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
--a------ 2004-09-22 12:45 188416 C:\Program Files\Lexmark 6200 Series\lxbumon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-07-28 15:19 4841472 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-07-28 15:19 49152 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 03:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2007-05-10 17:58 344064 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a------ 2007-05-12 12:19 270336 C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-07-28 15:19 852038 C:\WINDOWS\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\lxbucoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Web Server

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-09-10 17200]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-10 110256]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-08-10 12212864]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-11 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-09-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-14 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

2008-10-14 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-avgnt - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 13:20:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\WINDOWS\system32\drivers\downld

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
.
**************************************************************************
.
Heure de fin: 2008-10-14 13:32:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-14 11:32:14
ComboFix2.txt 2008-10-14 10:52:10

Avant-CF: 21 659 889 664 octets libres
Après-CF: 21,567,098,880 octets libres

424 --- E O F --- 2008-09-10 06:40:02
0
Réponse 34 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 13:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:54, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System\clipsrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\DOCUME~1\SPINOU~1\APPLIC~1\spoolsv.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://frgoldenriviera.microgaming.com/frgoldenriviera/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 35 / 85
Utilisateur anonyme
14 oct. 2008 à 13:44
réouvre hijackthis
fais scan only
coches ces lignes :


O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://frgoldenriviera.microgaming.com/frgoldenriviera/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab



tu les coches et tu clic sur fix checked


ensuite :

Démarrer > executer > tape : services.msc

- Clic droit sur le service cité - Planificateur Avira AntiVir Premium
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html


idem pour : Avira AntiVir Premium Guard



ensuite réinstal antivir
0
Réponse 36 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 14:20
impossible de telecharger antivir le probleme est pareil ca commence bien ensuite un message me dit kil va desinstaller la version d avira que jai pour installer l autre je klik sur ok mon ordi s eteinds et se rallume et toujours le mm message et ca recomence
0
Réponse 37 / 85
Utilisateur anonyme
14 oct. 2008 à 14:25
post un rapport hijackthis stp
0
Réponse 38 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 14:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:24, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\SPINOU~1\APPLIC~1\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\DOCUME~1\SPINOU~1\APPLIC~1\spoolsv.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\SPINOU~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 39 / 85
Utilisateur anonyme
14 oct. 2008 à 14:40
je ne vois plus de traces de antivir donc .... c est bizarre


* Télécharge SDFix depuis ce lien : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Enregistre SDFix sur ton bureau
* Double-clique sur l'icone SDFix
* Une fenêtre s'ouvre, laisse les options telles quelles puis clique sur le bouton InstallSDFix .

Pour la suite le nettoyage se fait en mode sans échec.

Pour redémarrer en mode sans échec :

* Redémarre ton PC, avant le logo Windows et après le changement du premier écran
* Tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuie sur la touche entrée du clavier.
* Pour plus d'informations, voir la page comment redémarrer en mode sans échec

* Une fois en mode sans échec, clique sur le menu Démarrer puis Exécuter et colle la commande suivant :
C:\SDFix\RunThis.bat
* Cliquez sur OK.
* Une fenêtre noire s'ouvre vous donnant la version du Fix.
* Appuyez sur la touche Y (pour yes) du clavier et appuyez sur Entrée

*A ce moment le bureau (Menu Démarrer etc.) va disparaître.

* Le Fix commence son travail, cela peut durer une trentaines de minutes
* Une fois les opérations de nettoyage effectuées... SDFix signale que l'ordinateur doit être redémarré :

>>>The PC Will now restart

* Appuie sur une touche du clavier

* L'ordinateur va redémarrer normalement.
* Avant d'arriver sur le bureau, une nouvelle fenêtre de SDFix va s'ouvrir. Ca peut durer cinq minutes...

>> Le rapport SDFix s'ouvre alors fais un copier coller et envoi le.


0
Réponse 40 / 85
martine03 Messages postés 2129 Date d'inscription jeudi 28 septembre 2006 Statut Membre Dernière intervention 24 février 2021 17
14 oct. 2008 à 15:40
[b]SDFix: Version 1.235 [/b]
Run by spinouze martine on 14/10/2008 at 15:13

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\WBEMST~1.EXE - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 15:28:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\lxbucoms.exe"="C:\\WINDOWS\\system32\\lxbucoms.exe:*:Disabled:6200 Series Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"="C:\\CaffeLatte\\CafeClient\\CafeProtocol.exe:*:Enabled:Cafe.com URL Protocol host"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 3 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Fri 29 Jun 2007 23 A.SH. --- "C:\WINDOWS\system32\bbbccfb2_r.dll"
Sun 29 Apr 2007 5 A.SH. --- "C:\WINDOWS\system32\ecbcffda_s.dll"
Tue 15 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Jun 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Mon 27 Dec 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Sat 21 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Mon 12 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Fri 27 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"

[b]Finished![/b]
0

Discussions similaires

Devinette
Boura10000 -
Utilisateur anonyme -

2 réponses
Prob Javascript bloqué.. URGENT!!!
galaxauguste -
kevinator2025 -

49 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
on dis une chose positive ou positif ?
zanekil -
Raymond PENTIER -

5 réponses
Que peut faire 3fois/j un homme, mais qu'1fois/j une femme
Soter -
Raymond PENTIER -

1 réponse