
keymonkey

  1. Hello Falkra, It seems the problem is solved. I reconnected following the MBAM scan and removal, and the machine works; I no longer see internet traces in my history that are not mine, and programs open normally, which was not the case before. But I am not a specialist.....
  2. It works, here is the report:

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Version de la base de données: 3988
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     2010-04-15 20:52:46
     mbam-log-2010-04-15 (20-52-46).txt
     Type d'examen: Examen rapide
     Elément(s) analysé(s): 120036
     Temps écoulé: 11 minute(s), 47 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 1
     Clé(s) du Registre infectée(s): 11
     Valeur(s) du Registre infectée(s): 15
     Elément(s) de données du Registre infecté(s): 8
     Dossier(s) infecté(s): 1
     Fichier(s) infecté(s): 28

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     C:\WINDOWS\system32\AntiWPA.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

     Clé(s) du Registre infectée(s):
     HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaymdbwqwmby (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\itype (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intellipoint (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\quicktime task (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\davclnt.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
     HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> Quarantined and deleted successfully.

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\USER\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\USER\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\USER\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Dossier(s) infecté(s):
     C:\WINDOWS\PRAGMAymdbwqwmby (Trojan.DNSChanger) -> Quarantined and deleted successfully.

     Fichier(s) infecté(s):
     C:\Program Files\Microsoft IntelliType Pro\itype.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Program Files\QT Lite\qttask.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\notepad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\PRAGMAnexuwpbdgi.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\PRAGMApkmhwrrjkn.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\PRAGMAskmdypaobr.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\drivers\hhdxs.sys (Rootkit.Agent) -> Delete on reboot.
     C:\Documents and Settings\USER\Local Settings\Temp\davclnt .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\geurge .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\ctv3708 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\PRAGMAymdbwqwmby\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\PRAGMAibomqlvyjh.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\PRAGMA7003.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Favoris\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\AntiWPA.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
     C:\WINDOWS\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\Local Settings\Temp\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Program Files\Adobe\acrotray .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  3. OK, I'll try and come back later. Thanks
  4. Hello Falkra, I proceeded as mentioned above. However, after choosing "Perform quick scan", a window opens: "The scan completed successfully. Click 'Show Results' to display all objects found." At that point, whether I click OK or close the window, MBAM disappears (shuts down), and I can neither display the results nor remove the selection. Here is what I got.

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Version de la base de données: 3930
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     2010-04-14 19:05:59
     mbam-log-2010-04-14 (19-05-59).txt
     Type d'examen: Examen rapide
     Elément(s) analysé(s): 12237
     Temps écoulé: 4 minute(s), 24 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     However, MBAM tells me I have 30 infections, I think. Thanks for a reply
  5. Thanks Falkra, I'll do it as soon as I get home and post the report. Thanks again
  6. Thanks Falkra, Just one small clarification: can I do this with a USB key as recommended by Basphet (above), since I have cut my internet connection? E.g.: download Malwarebytes' Anti-Malware (MBAM) to a USB key at the office, then run the process above on my machine at home, then post the report afterwards. I am afraid to reconnect my machine at home, because a third party is using it. Right now I am communicating from the machine at the office.
  7. OK, in any case I have an original Windows XP CD bought with my old machine
  8. I can't say; I bought this machine from a small reseller who installed everything for me about 1 year ago, and I don't have the original Windows CD.
  9. Hello, No, I haven't modified anything; I don't know anything about it anyway.
  10. Hello, Thanks for the assistance, here is the HijackThis report, what should I do?

      Scan saved at 19:06:31, on 2010-04-13
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: C:\WINDOWS\system32\t5og2se.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\t5og2se.dll (file missing)
      O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
      O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
      O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\USER\LOCALS~1\Temp\geurge.exe
      O4 - HKLM\..\Run: [ReimageFTP] C:\Program Files\Reimage\Reimage Repair\ReiFTPWatchDog.exe
      O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\USER\LOCALS~1\Temp\davclnt.exe
      O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\DOCUME~1\USER\LOCALS~1\Temp\sq7iv.exe
      O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\USER\LOCALS~1\Temp\install.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
      O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
      O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
      O4 - HKUS\S-1-5-21-1229272821-299502267-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {05CA9FB0-3E3E-4b36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: app_dll.dll
      O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
      O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\t5og2se.dll (file missing)
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

      -- End of file - 7915 bytes
  11. Hello, Thanks for this advice, I will proceed as soon as possible.
  12. Please help, My computer is in the hands of a hacker who is controlling it remotely. He is surfing the web with my computer. What should I do? I have cut everything off to avoid problems. I am using another computer to send this message. All applications are blocked......I can't do anything anymore. PLEASE HELP !!!!!!!!
  13. Hello, Well, my PC is infected, and the antivirus programs are unable to remove the infection. Can someone help me? Thanks
  14. Hello, It's done. One last question: I use Norton Antivirus 2008, can I use AVGAS at the same time? Thanks
  15. Hello Pear, Everything is working perfectly....Thanks again for the cleanup.