
buffer overrun detected

14 March 2008 16:23:22

Hello, I am not much of a computer expert and I get this message with Internet Explorer
(buffer overrun detected!

program: c:windows/explorer.EXE


a buffer overrun has been detected which has corrupted the program's internal state. the program cannot safely continue execution and must now be terminated

Thank you for helping me


quencel


15 March 2008 11:16:34

Hi,

We'll see, the message doesn't ring a bell :p

Download HijackThis (from Trend Micro).
Post a report following this tutorial.
18 March 2008 18:27:32

Hello, sorry for the delay, here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:30, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\winvsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/fileassoc.asp?LangID...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Virus Scanner] winvsvc.exe
O4 - HKLM\..\Run: [2c467ac3] rundll32.exe "C:\WINDOWS\system32\msxdhrgn.dll",b
O4 - HKLM\..\Run: [BM2f75495f] Rundll32.exe "C:\WINDOWS\system32\ljfawill.dll",s
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9757809B-AC2F-4C3E-B411-6F7FDABFDA5F}: NameServer = 192.168.1.1,86.64.145.142
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 9535 bytes

Thanks in advance for your help

quencel
18 March 2008 18:59:08

Hi again,

Infected indeed.

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
24 March 2008 11:55:00

Hello, and sorry for the delay!!!
Here is the report, and thanks in advance

ComboFix 08-03-18.1 -xxxxxxxxxx 2008-03-22 16:47:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.308 [GMT 1:00]
Endroit: C:\Documents and Settings\xxxxxxxxxx \Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
.



(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.



C:\Documents and Settings\xxxxxxxxxx\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\xxxxxxxxxx\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\xxxxxxxxxx\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\bdbuqkfg.dll
C:\WINDOWS\system32\bhcgbchm.dll
C:\WINDOWS\system32\byxyaaw.dll
C:\WINDOWS\system32\ckuwhmncgc.dat
C:\WINDOWS\system32\ckuwhmncgc.exe
c:\WINDOWS\system32\ckuwhmncgc_nav.dat
c:\WINDOWS\system32\ckuwhmncgc_navps.dat
C:\WINDOWS\system32\ckuwhmncgc_navup.dat
C:\WINDOWS\system32\ddcyaba.dll
C:\WINDOWS\system32\ebtrsbjd.dll
C:\WINDOWS\system32\fnistogc.dll
C:\WINDOWS\system32\gdypwgdk.ini
C:\WINDOWS\system32\ghigclpo.dll
C:\WINDOWS\system32\hahasuyx.dll
C:\WINDOWS\system32\iifghef.dll
C:\WINDOWS\system32\iserurtk.dll
C:\WINDOWS\system32\iuvyrbfq.dll
C:\WINDOWS\system32\kdgwpydg.dll
C:\WINDOWS\system32\kqqtjqal.dll
C:\WINDOWS\system32\laqjtqqk.ini
C:\WINDOWS\system32\lbueuttd.dll
C:\WINDOWS\system32\ljfawill.dll
C:\WINDOWS\system32\luegmfek.ini
C:\WINDOWS\system32\mdxeaaee.dll
C:\WINDOWS\system32\mfublryb.dll
C:\WINDOWS\system32\npajqunq.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pqiunkna.dll
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\qnbqawtj.dll
C:\WINDOWS\system32\rmmvoltl.dll
C:\WINDOWS\system32\smhnotgu.dll
C:\WINDOWS\system32\sopfxday.dll
C:\WINDOWS\system32\srtvyahl.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\udglcjhh.dll
C:\WINDOWS\system32\ufvbxrwj.dll
C:\WINDOWS\system32\umdtttsn.ini
C:\WINDOWS\system32\wdgfbrar.dll
C:\WINDOWS\system32\wgkfpidf.dll
C:\WINDOWS\system32\xtkvckyr.dll
C:\WINDOWS\system32\xxyxxxy.dll
C:\WINDOWS\system32\xypxfhmt.dll
C:\WINDOWS\system32\yayvvwt.dll
C:\WINDOWS\system32\yptimyka.dll



.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.



2008-03-20 17:53 . 2008-03-20 17:53 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-20 16:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 16:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 16:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-19 21:33 . 2008-03-19 21:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-19 21:32 . 2008-03-19 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-19 18:27 . 2008-03-20 20:51 1,559,122 ---hs---- C:\WINDOWS\system32\chfuqtta.ini
2008-03-19 18:05 . 2008-03-19 18:05 <REP> d-------- C:\Program Files\7-Zip
2008-03-18 18:22 . 2008-03-18 18:22 <REP> d-------- C:\Program Files\Trend Micro
2008-03-18 18:22 . 2008-03-19 18:23 1,330,844 ---hs---- C:\WINDOWS\system32\pptybsme.ini
2008-03-17 18:26 . 2008-03-18 18:19 1,355,238 ---hs---- C:\WINDOWS\system32\ngrhdxsm.ini
2008-03-16 12:55 . 2008-03-17 18:20 1,354,860 ---hs---- C:\WINDOWS\system32\svkerdpk.ini
2008-03-15 09:52 . 2008-03-15 14:43 1,366,872 ---hs---- C:\WINDOWS\system32\wvnjgfaa.ini
2008-03-12 21:47 . 2008-03-12 21:47 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 20:42 . 2008-03-13 20:42 1,390,124 ---hs---- C:\WINDOWS\system32\pfxaurqb.ini
2008-03-10 14:20 . 2008-03-11 19:33 1,315,046 ---hs---- C:\WINDOWS\system32\tqmjhptb.ini
2008-03-09 13:30 . 2008-03-10 14:17 1,318,103 ---hs---- C:\WINDOWS\system32\bgmwuljy.ini
2008-03-08 20:48 . 2008-03-19 18:08 1,298 --a------ C:\WINDOWS\cookies.MSNFix
2008-03-08 13:27 . 2008-03-09 13:27 1,307,801 ---hs---- C:\WINDOWS\system32\fhjahkni.ini
2008-03-07 13:58 . 2008-03-07 12:55 76,800 --a------ C:\WINDOWS\system32\winvsvc.MSNFix



.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 10:40 --------- d-----w C:\Documents and Settings\xxxxxxxxxx\Application Data\OpenOffice.org2
2008-03-20 16:40 --------- d-----w C:\Program Files\eMule
2008-03-13 15:15 --------- d-----w C:\Program Files\MSN Messenger
2008-02-04 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\OLYMPUS
2008-02-04 20:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 20:49 --------- d-----w C:\Program Files\OLYMPUS
2008-02-01 12:00 --------- d-----w C:\Documents and Settings\yyyyy\Application Data\Grisoft
2008-01-24 20:24 --------- d-----w C:\Documents and Settings\xxxxxxxxxx\Application Data\Thunderbird
.



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45 98304]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 21:08 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 16:46 295936]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-30 04:36 98304]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-30 04:25 26112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqppmj]
ssqppmj.dll



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=




.
**************************************************************************



catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 16:57:19
Windows 5.1.2600 Service Pack 2 NTFS



Balayage processus cachés ...



Balayage caché autostart entries ...



Balayage des fichiers cachés ...



Scan terminé avec succès
Les fichiers cachés: 0



**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-22 17:00:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 16:00:21
.

Thanks, quencel
24 March 2008 12:19:51

Hi again,

Copy the text in the box below:

File::
C:\WINDOWS\system32\ssqppmj.dll
C:\WINDOWS\system32\chfuqtta.ini
C:\WINDOWS\system32\pptybsme.ini
C:\WINDOWS\system32\ngrhdxsm.ini
C:\WINDOWS\system32\svkerdpk.ini
C:\WINDOWS\system32\wvnjgfaa.ini
C:\WINDOWS\system32\pfxaurqb.ini
C:\WINDOWS\system32\tqmjhptb.ini
C:\WINDOWS\system32\bgmwuljy.ini
C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\fhjahkni.ini
C:\WINDOWS\system32\winvsvc.MSNFix

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"MsnMsgr"=-
"swg"=-
"updateMgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
"DetectorApp"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"NWEReboot"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"RealTray"=-
"!AVG Anti-Spyware"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqppmj]


Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no restart, post the reports anyway.



24 March 2008 13:28:47

Hi again... there was no restart... and only 1 report
Here it is
Thanks


ComboFix 08-03-18.1 - xxxxxxxxx 2008-03-24 13:19:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.424 [GMT 1:00]
Endroit: C:\Documents and Settings\xxxxxxxxxxx\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxxxxxxxx\Mes documents\CFScript.txt..txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\bgmwuljy.ini
C:\WINDOWS\system32\chfuqtta.ini
C:\WINDOWS\system32\fhjahkni.ini
C:\WINDOWS\system32\ngrhdxsm.ini
C:\WINDOWS\system32\pfxaurqb.ini
C:\WINDOWS\system32\pptybsme.ini
C:\WINDOWS\system32\ssqppmj.dll
C:\WINDOWS\system32\svkerdpk.ini
C:\WINDOWS\system32\tqmjhptb.ini
C:\WINDOWS\system32\winvsvc.MSNFix
C:\WINDOWS\system32\wvnjgfaa.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\bgmwuljy.ini
C:\WINDOWS\system32\chfuqtta.ini
C:\WINDOWS\system32\fhjahkni.ini
C:\WINDOWS\system32\ngrhdxsm.ini
C:\WINDOWS\system32\pfxaurqb.ini
C:\WINDOWS\system32\pptybsme.ini
C:\WINDOWS\system32\svkerdpk.ini
C:\WINDOWS\system32\tqmjhptb.ini
C:\WINDOWS\system32\winvsvc.MSNFix
C:\WINDOWS\system32\wvnjgfaa.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))))))
.

2008-03-20 17:53 . 2008-03-20 17:53 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-20 16:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 16:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 16:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-19 21:33 . 2008-03-19 21:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-19 21:32 . 2008-03-19 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-19 18:05 . 2008-03-19 18:05 <REP> d-------- C:\Program Files\7-Zip
2008-03-18 18:22 . 2008-03-18 18:22 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 21:47 . 2008-03-12 21:47 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 11:54 --------- d-----w C:\Program Files\eMule
2008-03-24 09:29 --------- d-----w C:\Documents and Settings\xxxxxxxxxx\Application Data\OpenOffice.org2
2008-03-13 15:15 --------- d-----w C:\Program Files\MSN Messenger
2008-02-04 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\OLYMPUS
2008-02-04 20:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 20:49 --------- d-----w C:\Program Files\OLYMPUS
2008-02-01 12:00 --------- d-----w C:\Documents and Settings\xxxxxApplication Data\Grisoft
2008-01-24 20:24 --------- d-----w C:\Documents and Settings\xxxxxxxxx\Application Data\Thunderbird
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_17.00.09.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 09:25:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4f8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 16:46 295936]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\xxxxxxxxxx\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 13:22:37
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-24 13:23:05
ComboFix-quarantined-files.txt 2008-03-24 12:23:02
ComboFix2.txt 2008-03-22 16:00:25
.
2008-03-20 16:53:25 --- E O F ---
24 March 2008 14:29:58

Good, where do your problems stand? ;)

Post a new HijackThis report.
24 March 2008 16:01:45

Meaning what? (Sorry) I don't understand
24 March 2008 18:18:14

Post a new HijackThis report like at the beginning ;)

You didn't answer: your problems?
24 March 2008 19:07:11

Apparently the error message no longer appears
Here is the report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:20, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/fileassoc.asp?LangID...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9757809B-AC2F-4C3E-B411-6F7FDABFDA5F}: NameServer = 192.168.1.1,86.64.145.142
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 9250 byte

Thanks


24 March 2008 19:29:56

Re,

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1 and press Enter. Then press a key when you are asked to.
Post the report, which is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
24 March 2008 21:34:27

I sent the folder but the page froze and nothing appears any more, and I tried once more, same thing, nothing.
What should I do??
24 March 2008 21:47:38

Apparently it just took a long time!!!
Here is the report
24/03/2008 a 21:24:26,64

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
There you go
25 March 2008 22:06:12

Re,

Download AVG Anti-Spyware. Install it.
If the link doesn't work: >Click here<
Launch AVG and run an update.
Click the Scan button (in the toolbar).
Then, on the "how to react" tab, click Recommended actions. Choose Quarantine.
Do not run a scan for now. Right-click the AVG icon at the bottom right and uncheck the box for starting with Windows.
Restart in safe mode.
/!\ Never start safe mode via MSCONFIG /!\
Relaunch AVG.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, relaunch clean and run option 2, then post the report.

******

Uninstall avast, restart and delete ~~>C:\Program Files\Alwil Software

Download CCleaner (>>tutorial to read!<<); download "the latest version", then install it, unchecking - Add the Yahoo! CCleaner Toolbar
Then run the cleanup, then have it search for errors, and make backups if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Make sure it is up to date! Open Antivir; go to the Scanner tab, enable rootkit search via the + next to rootkit search, then under manual selection check everything (your hard disk partitions) and start the scan. Post me the generated report (found in the reports tab).
26 March 2008 22:10:56

I have started, but all this is too complicated for me... I'll do it, but it's going to take me time!!! Not before tomorrow evening for the first report.
Thanks
quencel
27 March 2008 15:34:57

Hi!

I have exactly the same problem, except that I can't tell at all which items to block in the ComboFix report.

Can someone help me?


ComboFix 07-08-09.3 - "a016423" 2008-03-27 15:22:18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.375 [GMT 1:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtss.dll


((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))


2008-03-27 15:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-03-27 14:18 <REP> d-------- C:\ScreenSaver
2008-03-27 10:46 89,152 --a------ C:\WINDOWS\system32\gvvtuets.dll
2008-03-27 10:43 92,224 --a------ C:\WINDOWS\system32\msmmxsgd.dll
2008-03-27 10:40 90,688 --a------ C:\WINDOWS\system32\tdvmdppq.dll
2008-03-27 09:43 92,736 --a------ C:\WINDOWS\system32\oxuqjnau.dll
2008-03-27 09:40 90,688 --a------ C:\WINDOWS\system32\uptyfast.dll
2008-03-05 15:29 <REP> d-------- C:\Program Files\CCleaner
2008-03-05 15:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-05 11:28 691,545 --a------ C:\WINDOWS\unins001.exe
2008-03-05 11:28 2,555 --a------ C:\WINDOWS\unins001.dat
2008-03-05 11:26 <REP> d-------- C:\Program Files\Lavasoft
2008-03-05 11:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-03-05 11:25 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-03-05 11:07 3,928 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-05 10:51 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 14:58 <REP> d-------- C:\Program Files\Quest Software
2008-02-29 14:23 <REP> d-------- C:\Program Files\StarInix


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-27 15:26 --------- d-------- C:\Program Files\Symantec AntiVirus
2008-03-27 15:24 689918 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-27 15:24 151156 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-24 23:16 86440 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-14 15:45 --------- d-------- D:\PACK_U~1\a016423\APPLIC~1\U3
2008-03-05 11:26 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-07 11:08 --------- d-------- C:\Program Files\Microsoft Enterprise Library January 2006
2008-02-07 10:54 --------- d-------- C:\Program Files\Microsoft Visual SourceSafe
2008-02-05 18:43 --------- d-------- C:\Program Files\Microsoft SQL Server
2008-02-05 18:17 --------- d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-05 18:17 --------- d-------- C:\Program Files\Microsoft Device Emulator
2008-02-05 18:13 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-05 18:12 --------- d-------- C:\Program Files\MSBuild
2008-02-05 18:12 --------- d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-05 18:09 --------- d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-05 18:08 --------- d-------- C:\Program Files\CE Remote Tools
2008-02-05 17:51 --------- d-------- C:\Program Files\D-Tools
2008-01-10 19:47 377344 --------- C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-10 06:23 257024 --------- C:\WINDOWS\system32\dllcache\infocomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{182C7ED7-E56D-4509-9D9B-AC49318D9895}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ACBF56A-A115-4B3C-8AB7-CAB05C38DB71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53EC232F-29C0-4184-A6E7-91EBB6E187BB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6615C461-DFD4-4BD0-B1C6-B43ACFE51FF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EC80E16-91EB-4699-A1CE-EF7E66E388B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a98673a4-73d9-42d0-bbdc-a66095fc97ac}]
2008-03-27 10:43 92224 --a------ C:\WINDOWS\system32\msmmxsgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD267294-C0E4-424B-98A3-844645FC819D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2666159-2236-4F28-AA0C-9A2F717AC9C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA544B29-059B-4758-BBC5-2E126AC69C11}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-01-19 15:14]
"NVHotkey"="nvHotkey.dll" [2006-01-19 15:14 C:\WINDOWS\system32\nvhotkey.dll]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 11:33]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-05-09 16:47]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 01:39]
"nwiz"="nwiz.exe" [2006-01-19 15:14 C:\WINDOWS\system32\nwiz.exe]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 22:50]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 17:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 17:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 22:19]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 18:26]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 20:58]
"Communicator01"="C:\Program Files\Microsoft Office Communicator\Find user info.vbs" [2006-10-02 14:50]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-18 22:02]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 20:13]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20]
"d84b6487"="C:\WINDOWS\system32\gvvtuets.dll" [2008-03-27 10:46]
"BMdb78571b"="C:\WINDOWS\system32\tdvmdppq.dll" [2008-03-27 10:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 22:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 09:13]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 23:46:00]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 15:39:02]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-01-07 17:34:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtrr]
tuvvtrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32]
winhdn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtss.dll

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R1 vmm;Virtual Machine Monitor;\??\C:\WINDOWS\system32\Drivers\vmm.sys
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 IISADMIN;Administration IIS;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R2 Selligent.Settings.710200;Selligent Settings service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Settings.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
R3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
R3 VPCNetS2;Virtual Machine Network Services Driver;C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe"
S3 Selligent.Application.710200;Selligent Application service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Application.exe
S3 Selligent.Cache.710200;Selligent cache service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Cache.exe
S3 Selligent.Config.710200;Selligent config service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Config.exe
S3 Selligent.Connector.710200;Selligent connector host service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Connector.exe
S3 Selligent.Rules.710200;Selligent Rules service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Rules.exe
S3 Selligent.Sessions.710200;Selligent sessions service 710200;D:\Program Files\Selligent\Selligent Xat Business Server\Application\DllNet\Selligent.Service.Sessions.exe
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
S3 VSPerfDrv;Performance Tools Driver;\??\C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
S4 SQLBrowser;SQL Server Browser;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21acc4bc-f02d-11dc-b4a7-00188bc0709e}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab00eca-d49b-11dc-b478-00188bc0709e}]
AutoRun\command- G:\WD_Windows_Tools\setup.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 15:25:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CB22152DE06A36646B200B71811F0244\Usage]
"Complete"=dword:387b0163
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000008a

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sr]
"ImagePath"=hex:5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,5c,\

Completion time: 2008-03-27 15:27:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-03-27 15:27

--- E O F ---



Thanks!

Nox75
27 March 2008 18:18:33

Please create your own topic! ;)
27 March 2008 21:24:06

Good evening, I'm going to tackle all this this weekend with a clear head.

Thanks in advance

quencel
29 March 2008 13:36:27

Hello, here is the AVG report



AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:08:09 29/03/2008

+ Résultat de l'analyse:



C:\Documents and Settings\boutet yannick\Mes documents\MSNFix\MSNFix\19032008_18160831.zip/backup/MyPhoto94.zip/MyPhoto94.JPG_ScannedByMcafee.com -> Backdoor.IRCBot.bxf : Nettoyé.
C:\Documents and Settings\boutet yannick\Mes documents\MSNFix\MSNFix\19032008_18160831.zip/backup/MyPhoto51.zip/MyPhoto51.JPG_ScannedByMcafee.com -> Backdoor.IRCBot.byu : Nettoyé.
C:\Documents and Settings\boutet yannick\Mes documents\MSNFix\MSNFix\19032008_18160831.zip/backup/MyPhoto54.zip/MyPhoto54.JPG_ScannedByMSN.com -> Backdoor.IRCBot.byu : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\byxyaaw.dll.vir -> Not-A-Virus.Adware : Nettoyé.
C:\QooBox\Quarantine\catchme2008-03-22_165710.09.zip/ddcyaba.dll -> Not-A-Virus.Adware : Nettoyé.
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP234\A0045788.dll -> Not-A-Virus.Adware : Nettoyé.
C:\Documents and Settings\boutet yannick\Mes documents\MSNFix\MSNFix\19032008_18160831.zip/backup/removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@himedia.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@estat[2].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@argenius.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@gqmagazine.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@laredoute.solution.weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@toyotaauris21mars09avril.solution.weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\boutet yannick\Cookies\boutet_yannick@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport

29 March 2008 13:38:56

and here is the clean option 2 report

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 29/03/2008 a 8:10:45,29

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
29 March 2008 14:18:34

Good ;) Keep going, almost done!
6 April 2008 11:18:46

Just to let you know that I have no more problems!!!
Everything works fine!!!

A big thank you for your help!!!!
Thanks again!!!!

quencel!!!!
6 April 2008 11:31:26

A quick AntiVir report?
After that we clean up the HijackThis and it's done!
Come on!
6 April 2008 18:56:50

05.04.2008 21:33:28 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.04.2008 21:33:28 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
05.04.2008 21:33:28 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f7d408\
05.04.2008 21:33:28 - Start the Update GUI... Displaymode: 1

05.04.2008 21:33:28 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.04.2008 21:33:28 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
05.04.2008 21:33:28 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f7d408\
05.04.2008 21:33:28 - Start the Update GUI... Displaymode: 1

05.04.2008 21:33:52 - Keyfile: OK [FULL Mode]

05.04.2008 21:33:52 - Avira AntiVir PersonalEdition Classic

05.04.2008 21:33:53 - Master IDX file has changed
05.04.2008 21:33:58 - Keyfile: OK [FULL Mode]

05.04.2008 21:33:58 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
05.04.2008 21:33:58 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/vdf.info.gz
05.04.2008 21:34:01 - Keyfile: OK [FULL Mode]

05.04.2008 21:34:01 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/specvir-nt.info.gz
05.04.2008 21:34:02 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/engine.info.gz
05.04.2008 21:34:02 - Downloading the product.info file from http://dl2.avgate.net/upd/idx/engine-nt-en.info.gz
05.04.2008 21:34:03 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
05.04.2008 21:34:03 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
05.04.2008 21:34:06 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
05.04.2008 21:34:06 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
05.04.2008 21:34:07 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
05.04.2008 21:34:07 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.3.116 < 7.0.3.121
05.04.2008 21:34:07 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
05.04.2008 21:34:07 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
05.04.2008 21:34:07 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.80 < 7.6.0.81
05.04.2008 21:34:07 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
05.04.2008 21:34:07 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
05.04.2008 21:34:07 - Minifilter is installed

05.04.2008 21:34:07 - Minifilter is possible

05.04.2008 21:34:07 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

05.04.2008 21:34:07 - Initialize avnotify.exe

05.04.2008 21:34:07 - Starting avnotify.exe successful

05.04.2008 21:34:07 - Preparing to download files
05.04.2008 21:34:07 - 2 files need to be downloaded / copied from http://dl2.avgate.net/upd/
05.04.2008 21:34:07 - #1: Downloading and extracting http://dl2.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f7d408\vdf\antivir3.vdf
05.04.2008 21:34:10 - #2: Downloading and extracting http://dl2.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f7d408\engine\avewin32.dll
05.04.2008 21:34:31 - Status of service AntiVirService is running

05.04.2008 21:34:31 - Initialize avscan.exe

05.04.2008 21:34:31 - Initialize avcenter.exe

05.04.2008 21:34:31 - Initialize avgnt.exe

05.04.2008 21:34:31 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir0.vdf.

05.04.2008 21:34:31 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir1.vdf.

05.04.2008 21:34:31 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir2.vdf.

05.04.2008 21:34:31 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir3.vdf.

05.04.2008 21:34:31 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll.

05.04.2008 21:34:31 - avgnt.exe closed.

05.04.2008 21:34:35 - Starting to install
05.04.2008 21:34:35 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f7d408\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.04.2008 21:34:35 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll will not be backed up because it doesn't exist
05.04.2008 21:34:35 - Processing module ENGINE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f7d408\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.04.2008 21:34:36 - A total of 2 files were updated
05.04.2008 21:34:36 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

05.04.2008 21:34:36 - Status of service AntiVirService is running

05.04.2008 21:34:39 - Reinitialization of AntiVirService carried out successfully.

05.04.2008 21:34:40 - Starting avgnt.exe successful

05.04.2008 21:34:40 - Dialup: 0

05.04.2008 21:34:40 - Downloaded bytes: 1511017

05.04.2008 21:34:40 - Downloaded file(s): 2

05.04.2008 21:34:40 - Downloaded file(s): antivir3.vdf; avewin32.dll

05.04.2008 21:34:40 - Engine version local : 7.6.0.80

05.04.2008 21:34:40 - Engine version internet: 7.6.0.81

05.04.2008 21:34:40 - 0. VDF version local : 6.40.0.0

05.04.2008 21:34:40 - 0. VDF version internet: 6.40.0.0

05.04.2008 21:34:40 - 1. VDF version local : 7.0.3.2

05.04.2008 21:34:40 - 1. VDF version internet: 7.0.3.2

05.04.2008 21:34:40 - 2. VDF version local : 7.0.3.85

05.04.2008 21:34:40 - 2. VDF version internet: 7.0.3.85

05.04.2008 21:34:40 - 3. VDF version local : 7.0.3.116

05.04.2008 21:34:40 - 3. VDF version internet: 7.0.3.121

05.04.2008 21:34:40 - Required time: 01:11

05.04.2008 21:34:40 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate

05.04.2008 21:34:41 - Update finished successfully


It's all written in English; I took the last one in the reports??

Here it is

6 April 2008 19:22:13

That's not the right report :p
6 April 2008 23:08:07

I ran Scan now and here is the report:


AntiVir PersonalEdition Classic
Report file date: dimanche 6 avril 2008 22:23

Scanning for 1181591 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: yannick

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:13:35
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 13:13:35
ANTIVIR3.VDF : 7.0.3.122 195072 Bytes 05/04/2008 19:34:00
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 05/04/2008 19:34:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/03/2008 13:13:36
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 6 avril 2008 22:23

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SMPSYS.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: dimanche 6 avril 2008 23:05
Used time: 41:21 min

The scan has been done completely.

6830 Scanning directories
349699 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
349699 Files not concerned
7930 Archives were scanned
2 Warnings
1 Notes

There, I hope it's the right one
6 April 2008 23:33:39

Apparently it's fine ;)

Post one last HijackThis log.
7 April 2008 21:04:24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:25, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/fileassoc.asp?LangID...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9757809B-AC2F-4C3E-B411-6F7FDABFDA5F}: NameServer = 192.168.1.1,86.64.145.142
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 9124 bytes
There you go
7 April 2008 22:53:19

Hi again,

Run HijackThis again (right-click -> run as administrator under Vista), do a system scan only, and check these lines (if still present):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc [...] 0c&Ext=pps
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Close all running applications (especially your web browser).
Then Fix Checked!

*******

Download ToolsCleaner2 (by A.Rothstein)

Install it on your Desktop
Click [Recherche] (Search) to start the scan
Click [Supprimer] (Delete) to clean up the tools used
Click [Quitter] (Quit),
Post this report ~>C:\TCleaner.txt<~

Keep CCleaner, AVG and AntiVir if we installed them..
Disable and then re-enable System Restore
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Vundo
If you can't find it in the list, post under Other infections,

Then have a look at these guides:

Security/Prevention
Consequences of multi-protection
Toolbars: uselessness and slowdowns

Have a nice day/evening :)
8 April 2008 22:11:00

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\xxxx\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\xxxxx\Bureau\clean\tar.exe: trouvé !
C:\Documents and Settings\xxx xxxx\Bureau\clean\remove.reg: trouvé !
C:\Documents and Settings\xxx\Bureau\clean\pskill.exe: trouvé !
C:\Documents and Settings\xxx\Bureau\clean\LFiles.exe: trouvé !
C:\Documents and Settings\xxx\Bureau\clean\gzip.exe: trouvé !
C:\Documents and Settings\xxxx\Bureau\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\xxxxx\Bureau\clean\delr.cmd: trouvé !
C:\Documents and Settings\xxx\Bureau\clean\del3.cmd: trouvé !
C:\Documents and Settings\xxx\Bureau\clean\del2.cmd: trouvé !
C:\Documents and Settings\xxx\Bureau\clean\clean.cmd: trouvé !
C:\Documents and Settings\xx xx\Bureau\clean\cherche.cmd: trouvé !
C:\Documents and Settings\xxx\Mes documents\Clean.zip: trouvé !
C:\Documents and Settings\xxx\Mes documents\Msnfix.zip: trouvé !
C:\Documents and Settings\xxx\Mes documents\ComboFix.exe: trouvé !
C:\Documents and Settings\xxx\Mes documents\HJTInstall.exe: trouvé !
C:\Documents and Settings\xxx\Mes documents\MsnFix: trouvé !
C:\Documents and Settings\xxx\Mes documents\MSNFix\MsnFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\xxxxxxxx\Bureau\clean\tar.exe: supprimé !
C:\Documents and Settings\xx xxxx\Bureau\clean\remove.reg: supprimé !
C:\Documents and Settings\xxx\Bureau\clean\pskill.exe: supprimé !
C:\Documents and Settings\xxxBureau\clean\LFiles.exe: supprimé !
C:\Documents and Settings\xxx\Bureau\clean\gzip.exe: supprimé !
C:\Documents and Settings\xxxBureau\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\xxx\Bureau\clean\delr.cmd: supprimé !
C:\Documents and Settings\xxx\Bureau\clean\del3.cmd: supprimé !
C:\Documents and Settings\xxxxBureau\clean\del2.cmd: supprimé !
C:\Documents and Settings\xxxBureau\clean\clean.cmd: supprimé !
C:\Documents and Settings\xxx xxx\Bureau\clean\cherche.cmd: supprimé !
C:\Documents and Settings\xxx\Mes documents\Clean.zip: supprimé !
C:\Documents and Settings\xxx\Mes documents\Msnfix.zip: supprimé !
C:\Documents and Settings\xxxx\Mes documents\ComboFix.exe: supprimé !
C:\Documents and Settings\xxxx\Mes documents\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\xxxx\Mes documents\MsnFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
8 April 2008 22:32:06

Clean ;)

Bye
11 April 2008 21:42:17

A big thank you!!! For everything!!!
quencel