Yopai

Members
  • Content count

    11

Other information

  • My languages
    French, English

  1. So there, it's done ^^ and I say "BIG UP" \o/ to the Zebulon team and forum. This site really does very good work: competence and availability, all with friendliness. Coming here, I didn't expect such a quick answer to my problem, and I don't regret having signed up; on top of that, I discovered some very interesting tips and tutorials (though sometimes laborious to read) which, I think, will help me optimize how I use my PC from now on. In any case it's very well done and very well organized, so I say a big THANK YOU to you all, especially to Angelique, who was kind enough to devote part of her time to my problem -->*big kiss for U* SMACK!!!! I may still have a few small questions about cleaning up my PC: I have some Notepad files and I no longer remember whether they were already there or not, or whether they are used for anything important or not
  2. Here is the AntiVir report:
  3. Hi, uh, well, what's wrong??? O_o Didn't I follow the procedure properly? In any case, here is the OTMoveIt2 report. The AntiVir scan comes next
  4. Here is the CFScript report
  5. Hi Angelique!!! Sorry, I forgot my laptop's power adapter when I went to my sister's (-_-)' I'll continue the rest of the procedure this evening. I'm still at the online scan of the zip file, but I'm not sure I really understand how it works XD. After clicking "submit", the file loads: is that when the scan takes place? Or is it after the file has been loaded, when the name of the location to analyse is no longer shown in the work bar and the status is "ready for scan"? Because after several tries, since I thought that "ready for scan" meant the scan had finished, well, I didn't see any scan report... Right now I'm letting it run with the status "ready for scan", even though I have the impression that nothing is moving... we'll see
  6. Sorry, I started the online scan while I was taking my shower, but now I don't have a summary table like in the tutorial...(-_-)' even though the scan seems to be finished, because the status is "ready for scan"...hmmm...I wonder whether it might come from my connection, which drops from time to time, because the scan seems to take a long time...argh...I curse the wifi connection of my landlord, who has gone on holiday XD Oh well, I'll start again from the online scan this evening because I have to go out this afternoon. This evening I'll be at my sister's apartment; if I manage to connect to her Livebox, I think I'll have fewer problems on the connection side. So if you have things planned for this afternoon, no need to wait for me, I'll only be available in the evening. Thanks again, and see you this evening for the next part of my adventures ^^
  7. LOL!!! ^^ Actually, since I'm a noob and I know nothing about computer security, ever since I caught this virus, well, I stocked up on protection: I searched the net for the antivirus and anti-spyware programs that users like and I put everything on my PC. Then my girlfriend, who came over to my place, thought it was pointless to have 40000 protections on my PC and that, on top of that, they could conflict with one another, I believe, so she removed the ones she considered useless. So that's the story. But taking the time to read some of your tutorials at the top of the page, I read that you prefer Antivir to Avast for protection. In principle I don't mind installing Antivir in place of Avast; the only thing is that, even though I speak a little English, with a piece of software (especially a protection one) it's a bit of a different story ^^ I would need to take the time to read an Antivir tutorial. Otherwise, I'm continuing with the rest of the procedure right away, thanks
  8. Me again \o/ lol!!! ^^ So, MBAM quarantine emptied (everything deleted), and here is the CF report. Kisses in passing for the help; I'll be back later, I'm going for a short run.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2008-08-04 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\GestMaj.exe HKCU-Run-WINSOS VERIFY - C:\Program Files\WINSOS\WINSOS.EXE HKLM-Run-Workflow - D:\install\Workflow.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 10:24:37 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?8?9?8??????? ???B???????????????B? ?????? Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Apoint2K\ApntEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-04 10:36:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-04 08:36:44 Pre-Run: 16,675,131,392 octets libres Post-Run: 16,673,058,816 octets libres 204 --- E O F --- 2008-07-18 08:15:45
  9. OK, thanks ^^ I'm posting the MBAM report for you, and I'm continuing with the procedure; I'll post the rest afterwards.

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1020
Windows 5.1.2600 Service Pack 2

22:27:22 03/08/2008
mbam-log-8-3-2008 (22-27-22).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 123575
Temps écoulé: 1 hour(s), 59 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\axmtplob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bolptmxa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP801\A0190137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP801\A0190138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP801\A0190139.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP810\A0190636.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP810\A0190713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP811\A0190848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP811\A0190849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0c4bad76.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0c4bad76.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Services.URL (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
  10. Hi there, thanks again for the help, but I've run into a problem: I was able to do all the steps up to the point where I have to get ComboFix... the link you gave me doesn't work. I tried to find it myself and saw that there were two other links, one that doesn't work either and one that leads to a Spanish site, I think :s... and I also saw a post on "commentçamarche" talking about the ComboFix software being infected... so I'm a bit stuck right now... otherwise I can still post the MBAM report, thanks a lot ^^
  11. Good evening everyone ^^, so here's the thing: I'm infected by this virus, which was detected by avast. A few minutes ago I got about ten alerts with the name in the topic title... bad... I tried to look up how to get rid of it on the net, but I only found two posts talking about using "vundofix"; after downloading it, though, Avast tells me the file is dangerous, and if I choose not to intervene, when I tried to launch the vundofix installation an error message appeared and I can't get the program to run (-_-)'... I did a keyword search on the forum and didn't find any topics titled with the name of the virus that's giving me trouble... so if a kind soul would agree to help me, please ^^ thank you very much. I'm posting a HijackThis report here (I should say I don't know much about computers, but I saw everyone was doing that XD...). Oh yes, and I should mention that when my PC starts up, two or three black windows with C:/windows/command open and close :s

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:59, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Yopai\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0166424B-3B49-46C1-993E-C34DDFD7664A} - C:\WINDOWS\system32\ddccYomJ.dll (file missing)
O2 - BHO: (no name) - {099AC52C-1CD4-434C-9CC6-FF56DABB5010} - C:\WINDOWS\system32\fccbxyVM.dll (file missing)
O2 - BHO: (no name) - {113DCF79-E765-47FC-962B-7A7474586170} - (no file)
O2 - BHO: (no name) - {129F4D48-E2E0-4E6B-8904-64BD23567C56} - (no file)
O2 - BHO: (no name) - {14096D57-58EB-426A-A304-4512F9C2537B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F45C460-5EBE-426D-8E57-CF5290178A51} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [bM0c4bad76] Rundll32.exe "C:\WINDOWS\system32\jsbpgaob.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [spybotDeletingB5715] command /c del "C:\WINDOWS\system32\fccbxyVM.dll"
O4 - HKCU\..\RunOnce: [spybotDeletingD9279] cmd /c del "C:\WINDOWS\system32\fccbxyVM.dll"
O4 - HKCU\..\RunOnce: [spybotDeletingB7513] command /c del "C:\WINDOWS\system32\fccbxyVM.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130527411968
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccbxyVM - fccbxyVM.dll (file missing)
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11249 bytes