Remove XP Antispyware 2009

Tags:
  • Windows XP
  • Security
Last reply: in Security and viruses
23 October 2008 17:29:34

Good evening,
I am currently having problems with XP Antispyware 2009. The problem is that it seems to block my access to all antivirus sites. I use Trend Micro PC-cillin Internet Security 2007 and since October 18 I can no longer update it. Two days after that, an XP Antispyware 2009 window appeared that wanted to install itself. I clicked the X at the top right as soon as I noticed it, and from that moment on the window started appearing more often. Note that a red X appeared in my taskbar saying that my computer is infected. From the Windows registry, I deleted the most obvious parts of the virus (those that contained XP antispyware in the file name), but that is certainly not enough to eradicate the virus from the computer. I also tried to restore my computer to an earlier date, but in normal mode as in safe mode, always the same result: nothing. What worries me even more is that I tried several other free antispyware or antivirus programs from sites such as clubic.com, but each time, when the moment came to download the updates, nothing worked any more. As with Trend Micro PC-cillin, Internet access to the site was blocked. I would like to mention that with the paid software SpyHunter 3, I detect the virus Rogue.XP Antispyware 2009, but I have to pay $60.00 for that. I would rather reformat my computer, but I am looking for a solution that would spare me that. I believe I have mentioned the important information, but if something is missing, ask and I will try to answer you as quickly as possible. I tried to download HijackThis, but I get a page that says "Internet Explorer ne peut pas afficher cette page Web", as when I want to go to the Trend Micro, Avast, etc. antivirus sites. Would it be possible to download it from another computer and then install it?
Thanks in advance.

23 October 2008 18:10:17

Well, there... I managed to download HijackThis, but only version 1.99.1! I am sending you the hijackthis.log so that if someone passes by, by chance, they could help me decode this thing. :sarcastic:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:21, on 2008-10-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis-2.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uplo...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

There you go! Thanks again in advance!
23 October 2008 18:42:58

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the name of the partition may differ
    24 October 2008 01:25:22

    ComboFix 08-10-23.03 - Michel Leclerc 2008-10-23 19:06:17.2 - NTFSx86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.288 [GMT -4:00]
    Lancé depuis: C:\Documents and Settings\Michel Leclerc\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Michel Leclerc\Cookies\iluberiwi.sys
    C:\Documents and Settings\Michel Leclerc\Local Settings\Temporary Internet Files\bevu.reg
    C:\Documents and Settings\Michel Leclerc\Local Settings\Temporary Internet Files\ixuqepyla.reg
    C:\Documents and Settings\Michel Leclerc\Local Settings\Temporary Internet Files\wopam.scr
    C:\Program Files\XP_AntiSpyware
    C:\Program Files\XP_AntiSpyware\Uninstall.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\DelSelf.bat
    C:\WINDOWS\system32\Drivers\TDSSmqlt.sys
    C:\WINDOWS\system32\TDSSbrsr.dll
    C:\WINDOWS\system32\TDSSoiqh.dll
    C:\WINDOWS\system32\TDSSosvd.dat
    C:\WINDOWS\system32\TDSSrhym.dll
    C:\WINDOWS\system32\TDSSriqp.dll
    C:\WINDOWS\system32\TDSSxfum.dll
    C:\WINDOWS\system32\wini10802.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 22:53 . 2008-10-22 22:53 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-22 21:25 . 2008-10-22 21:25 0 --a------ C:\WINDOWS\nsreg.dat
    2008-10-22 21:05 . 2008-10-22 22:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-22 17:10 . 2008-10-22 17:10 19,137 --a------ C:\WINDOWS\ynewes.pif
    2008-10-22 17:10 . 2008-10-22 17:10 18,401 --a------ C:\Documents and Settings\All Users\Application Data\cuvuwuga.com
    2008-10-22 17:10 . 2008-10-22 17:10 17,898 --a------ C:\WINDOWS\paged.dat
    2008-10-22 17:10 . 2008-10-22 17:10 16,434 --a------ C:\WINDOWS\eripyn.dat
    2008-10-22 17:10 . 2008-10-22 17:10 16,417 --a------ C:\WINDOWS\system32\qubonik.reg
    2008-10-22 17:10 . 2008-10-22 17:10 16,052 --a------ C:\WINDOWS\syhupezeve.exe
    2008-10-22 17:10 . 2008-10-22 17:10 15,544 --a------ C:\Program Files\Fichiers communs\ybafewa.bin
    2008-10-22 17:10 . 2008-10-22 17:10 14,945 --a------ C:\WINDOWS\awohybik.reg
    2008-10-22 17:10 . 2008-10-22 17:10 12,368 --a------ C:\WINDOWS\pojuba.dl
    2008-10-22 17:10 . 2008-10-22 17:10 10,730 --a------ C:\WINDOWS\system32\onibu.reg
    2008-10-22 08:13 . 2008-10-22 08:13 <REP> d-------- C:\Program Files\Alwil Software
    2008-10-21 23:31 . 2008-10-21 23:31 <REP> d-------- C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert
    2008-10-21 23:30 . 2008-10-21 23:30 <REP> d-------- C:\Program Files\AdwareAlert
    2008-10-18 16:32 . 2006-03-02 08:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
    2008-10-18 16:32 . 2006-03-02 08:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
    2008-10-18 15:20 . 2008-10-18 15:20 44,032 --a------ C:\WINDOWS\system32\av.dat
    2008-10-18 15:20 . 2008-10-23 17:56 3,896 --a------ C:\WINDOWS\system32\TDSSlxwp.dll
    2008-10-18 13:59 . 2008-09-15 11:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-18 13:59 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-18 13:58 . 2008-08-14 09:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-18 13:58 . 2008-08-14 09:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-18 13:58 . 2008-08-14 09:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-18 13:58 . 2008-08-14 09:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-09-28 21:10 . 2008-09-28 21:10 <REP> d-------- C:\Documents and Settings\Michel Leclerc\Application Data\U3
    2008-09-28 00:29 . 2008-09-28 00:31 <REP> d-------- C:\Program Files\Freecorder
    2008-09-28 00:29 . 2008-09-28 00:29 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-09-28 00:26 . 2008-09-28 00:26 <REP> d-------- C:\WINDOWS\Freecorder Toolbar
    2008-09-25 18:07 . 2008-09-25 18:07 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-09-25 18:07 . 2008-09-25 18:08 <REP> d-------- C:\Documents and Settings\Michel Leclerc\Application Data\Audacity
    2008-09-24 15:57 . 2008-09-24 15:57 <REP> d-------- C:\Program Files\Microsoft Games

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-23 21:54 --------- d-----w C:\Documents and Settings\Michel Leclerc\Application Data\skypePM
    2008-10-23 21:54 --------- d-----w C:\Documents and Settings\Michel Leclerc\Application Data\Skype
    2008-10-22 12:26 --------- d-----w C:\Documents and Settings\Michel Leclerc\Application Data\FrostWire
    2008-10-19 22:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-10-05 22:00 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-09-19 15:29 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-19 15:26 --------- d-----w C:\Program Files\iTunes
    2008-09-19 15:26 --------- d-----w C:\Program Files\iPod
    2008-09-19 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-19 15:24 --------- d-----w C:\Program Files\QuickTime
    2008-09-19 15:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-09-19 15:18 --------- d-----w C:\Program Files\Bonjour
    2008-09-10 20:45 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-09-10 12:06 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-05 21:07 --------- d-----w C:\Program Files\Apple Software Update(2)
    2008-08-30 17:30 --------- d-----w C:\Program Files\GUILD WARS
    2008-08-29 15:41 --------- d-----w C:\Program Files\FrostWire
    2008-08-29 15:40 --------- d-----w C:\Program Files\Java
    2008-08-29 15:40 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-08-29 15:39 --------- d-----w C:\Program Files\AskSBar
    2008-08-29 15:32 --------- d-----w C:\Program Files\Audacity
    2008-08-28 17:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-28 17:31 --------- d-----w C:\Program Files\Full Tilt Poker
    2008-08-28 14:13 --------- d-----w C:\Program Files\Intel Audio Studio
    2008-08-27 23:30 --------- d-----w C:\Program Files\ANI
    2008-08-27 23:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-27 23:29 --------- d-----w C:\Program Files\D-Link
    2008-08-27 18:01 --------- d-----w C:\Program Files\Finale 2004b FR
    2008-08-24 19:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-08 13:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-10 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-10-16 9093120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 86016]
    "pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2007-01-23 3429904]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 2715648]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
    "IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-12-12 8744960]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
    "nwiz"="nwiz.exe" [2005-12-10 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 110592]
    Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-23 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert\AdwareAlert.exe [2008-10-16 09:55]

    2008-10-23 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert [2008-10-21 23:30]

    2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-19 C:\WINDOWS\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-StillMnt - WCamRmv.exe
    HKLM-Run-SigmatelSysTrayApp - sttray.exe
    HKU-Default-Run-brastk - C:\WINDOWS\system32\brastk.exe
    SafeBoot-TDSSmqlt.sys


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Michel Leclerc\Application Data\Mozilla\Firefox\Profiles\3d9ir4dl.default\
    FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 19:10:40
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\VdCap03C\StillMnt.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\stacsv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-23 19:21:56 - La machine a redémarré [Michel Leclerc]
    ComboFix-quarantined-files.txt 2008-10-23 23:21:52

    Avant-CF: 111,440,490,496 octets libres
    Après-CF: 111,582,638,080 octets libres

    233 --- E O F --- 2008-10-19 02:30:49

    Here is the report! The computer seems to be in better shape. Thanks again! If I need to do anything else, just let me know! ;)
    24 October 2008 05:29:21

    It seems so, but in fact it isn't really. Everything stops working except the mouse after a while...
    24 October 2008 17:28:53

    There is still work to do.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already done, select "Exécuter un examen complet".
  • To start the scan, click "Rechercher".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" then "Supprimer la sélection". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    24 October 2008 23:14:02

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1316
    Windows 5.1.2600 Service Pack 3

    2008-10-24 17:02:17
    mbam-log-2008-10-24 (17-02-17).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 144409
    Temps écoulé: 36 minute(s), 20 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 45

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):

    HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.



    Valeur(s) du Registre infectée(s):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\menu démarrer\programmes\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.



    Elément(s) de données du Registre infecté(s):

    (Aucun élément nuisible détecté)



    Dossier(s) infecté(s):

    C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.



    Fichier(s) infecté(s):

    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.

    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\SpyCleaner.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 21 - 11_31_16 PM_937.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 21 - 11_39_37 PM_468.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 04_25_13 PM_078.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 05_09_37 PM_328.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 05_14_14 PM_703.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 07_55_12 AM_031.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 08_00_02 AM_468.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 08_03_11 AM_671.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 08_44_52 PM_656.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 08_53_45 PM_031.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 10_19_25 PM_781.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 22 - 10_45_10 PM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 05_54_06 PM_734.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 06_55_14 AM_375.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 07_09_50 AM_187.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 07_11_53 PM_828.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 09_42_49 PM_531.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 09_46_46 AM_656.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 09_52_35 PM_906.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 09_57_00 AM_703.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 09_57_37 PM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 10_01_01 AM_812.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 10_04_31 PM_703.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 10_10_17 AM_906.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 23 - 11_10_22 PM_687.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 24 - 03_52_47 PM_796.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Log\2008 Oct 24 - 08_56_28 AM_015.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Michel Leclerc\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\Documents and Settings\All Users\Bureau\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    ____________________________________
    There you go! Thanks again!
    25 October 2008 11:51:12

    Post a new HijackThis report.
    25 October 2008 16:09:12

    Logfile of HijackThis v1.99.1
    Scan saved at 10:05:22, on 2008-10-25
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Michel Leclerc\Bureau\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uplo...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    25 October 2008 18:09:07

    How many antivirus programs do you have?
    25 October 2008 18:31:32

    Before the virus attacked me, only one, but I downloaded some things my friends recommended, because I thought it might help. I had Trend Micro and then installed Avast and Ad-Aware. After that, on your recommendation, I installed ComboFix, Malwarebytes and HijackThis.
    25 October 2008 18:36:42

    Get rid of Trend Micro and avast! and install AntiVir instead.
    25 October 2008 19:49:57

    Strangely, when I start the Trend Micro setup, it tells me that it was installed incorrectly or that parts of the files are missing. Should I install AntiVir anyway and just disable Trend Micro?

    P.S.: Having tried it for almost 30 minutes now, I can say the computer is running better so far.
    25 October 2008 21:20:35

    Done! No need for the paid version for AntiVir to be effective?
    25 October 2008 21:25:29

    Nope ;)
    25 October 2008 21:27:30

    Well then!! Thanks so much for everything! ;)  Everything seems to be like before. =D
    25 October 2008 21:42:14

    Happy surfing ;)