
sam b

Members
  • Content count

    4
  • Joined

  • Last visited

Other information

  • My languages
    French

sam b's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Well, I think it's OK: . ======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 ======= . Mit à jour par C_XX le 26.12.2009 à 20:47 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 11:36:40, 03/01/2010 | Mode Normal | Option: SCAN Exécuté de: C:\Program Files\Ad-Remover\ Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600 Nom du PC: BRUCE1971 | Utilisateur actuel: sam Bonnes fêtes de fin d'année à vous tous . ============== ÉLÉMENT(S) TROUVÉ(S) ============== . . HKLM\software\MyWay . ============== Scan additionnel ============== . . * Internet Explorer Version 6.0.2900.5512 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\WINDOWS\system32\blank.htm Show_ToolBar: yes Start Page: hxxp://www.google.fr/ Use Custom Search URL: 1 (0x1) Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: %SystemRoot%\system32\blank.htm Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Error: Value: "Tabs" does not exist! . =================================== . 1609 Octet(s) - C:\Ad-Report-SCAN[1].log . 36 Fichier(s) - C:\DOCUME~1\sam\LOCALS~1\Temp 10 Fichier(s) - C:\WINDOWS\Temp 129 Fichier(s) - C:\WINDOWS\Prefetch . 1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP 0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE . Fin à: 11:47:04 | 03/01/2010 - SCAN[1] . ============== E.O.F ============== . . 
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 ======= . Mit à jour par C_XX le 26.12.2009 à 20:47 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 14:19:56, 03/01/2010 | Mode Normal | Option: CLEAN Exécuté de: C:\Program Files\Ad-Remover\ Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600 Nom du PC: BRUCE1971 | Utilisateur actuel: sam Bonnes fêtes de fin d'année à vous tous . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . (!) -- Fichiers temporaires supprimés. . HKLM\software\MyWay . ============== Scan additionnel ============== . . * Internet Explorer Version 6.0.2900.5512 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\WINDOWS\system32\blank.htm Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Custom Search URL: 1 (0x1) Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: %SystemRoot%\system32\blank.htm Start Page: hxxp://fr.msn.com/ Search bar: hxxp://search.msn.com/spbasic.htm . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm . =================================== . 1751 Octet(s) - C:\Ad-Report-CLEAN[1].log 1972 Octet(s) - C:\Ad-Report-SCAN[1].log . 1 Fichier(s) - C:\DOCUME~1\sam\LOCALS~1\Temp 2 Fichier(s) - C:\WINDOWS\Temp 7 Fichier(s) - C:\WINDOWS\Prefetch . 18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP 0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE . 
Fin à: 14:30:29 | 03/01/2010 - CLEAN[1] . ============== E.O.F ============== . JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 03 15:03:54 2010 Found and removed: C:\Program Files\Java\j2re1.4.2_03 Found and removed: C:\Program Files\Java\jre1.5.0_11 Found and removed: C:\Program Files\Java\jre1.6.0_01 Found and removed: C:\Program Files\Java\jre1.6.0_02 Found and removed: C:\Program Files\Java\jre1.6.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_05 Found and removed: C:\Program Files\Java\jre1.6.0_06 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\DOCUME~1\sam\APPLIC~1\Sun\Java\jre1.6.0_11 Found and removed: C:\DOCUME~1\sam\APPLIC~1\Sun\Java\jre1.6.0_13 Found and removed: C:\DOCUME~1\sam\APPLIC~1\Sun\Java\jre1.6.0_15 Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\ Found and 
removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 03 15:06:34 2010 ------------------------------------ Finished reporting. THANKS AGAIN!! sam
  2. Sorry, I just found the TDSSKiller report: 13:55:23:466 4572 TDSSKiller 2.1.1 Dec 20 2009 02:40:02 13:55:23:466 4572 ================================================================================ 13:55:23:466 4572 SystemInfo: 13:55:23:466 4572 OS Version: 5.1.2600 ServicePack: 3.0 13:55:23:466 4572 Product type: Workstation 13:55:23:466 4572 ComputerName: BRUCE1971 13:55:23:466 4572 UserName: sam 13:55:23:466 4572 Windows directory: C:\WINDOWS 13:55:23:466 4572 Processor architecture: Intel x86 13:55:23:466 4572 Number of processors: 1 13:55:23:466 4572 Page size: 0x1000 13:55:23:476 4572 Boot type: Normal boot 13:55:23:476 4572 ================================================================================ 13:55:23:516 4572 ForceUnloadDriver: NtUnloadDriver error 2 13:55:23:526 4572 ForceUnloadDriver: NtUnloadDriver error 2 13:55:23:526 4572 ForceUnloadDriver: NtUnloadDriver error 2 13:55:23:526 4572 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0 13:55:23:536 4572 main: Driver KLMD successfully dropped 13:55:23:766 4572 main: Driver KLMD successfully loaded 13:55:23:766 4572 Scanning Registry ... 
13:55:23:776 4572 ScanServices: Searching service UACd.sys 13:55:23:776 4572 ScanServices: Open/Create key error 2 13:55:23:776 4572 ScanServices: Searching service TDSSserv.sys 13:55:23:776 4572 ScanServices: Open/Create key error 2 13:55:23:776 4572 ScanServices: Searching service gaopdxserv.sys 13:55:23:776 4572 ScanServices: Open/Create key error 2 13:55:23:776 4572 ScanServices: Searching service gxvxcserv.sys 13:55:23:776 4572 ScanServices: Open/Create key error 2 13:55:23:776 4572 ScanServices: Searching service MSIVXserv.sys 13:55:23:776 4572 ScanServices: Open/Create key error 2 13:55:23:827 4572 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000 13:55:23:837 4572 UnhookRegistry: Kernel local addr: B40000 13:55:23:847 4572 UnhookRegistry: KeServiceDescriptorTable addr: BC3220 13:55:23:967 4572 UnhookRegistry: KiServiceTable addr: B4B6A8 13:55:23:977 4572 UnhookRegistry: NtEnumerateKey service number (local): 47 13:55:23:977 4572 UnhookRegistry: NtEnumerateKey local addr: BDC5A4 13:55:23:977 4572 KLMD_OpenDevice: Trying to open KLMD device 13:55:23:977 4572 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 13:55:23:977 4572 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 13:55:23:977 4572 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4] 13:55:23:977 4572 UnhookRegistry: NtEnumerateKey service number (kernel): 47 13:55:23:977 4572 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4] 13:55:23:977 4572 UnhookRegistry: NtEnumerateKey real addr: 805735A4 13:55:23:977 4572 UnhookRegistry: NtEnumerateKey calc addr: 805735A4 13:55:23:977 4572 UnhookRegistry: No SDT hooks found on NtEnumerateKey 13:55:23:987 4572 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA] 13:55:23:987 4572 UnhookRegistry: Splicing found on NtEnumerateKey 13:55:23:987 4572 KLMD_WriteMem: Trying to WriteMemory 0x805735A4[0xA] 13:55:23:987 4572 UnhookRegistry: NtEnumerateKey 
(Splicing) unhooked successfully 13:55:23:987 4572 Hidden service detected: H8SRTd.sys Type "delete" (without quotes) to delete it: 13:59:02:000 4572 13:59:02:211 4572 DeleteEvilService: Access denied, trying to reopen with REG_OPTION_BACKUP_RESTORE 13:59:02:211 4572 DeleteEvilService: H8SRTd.sys: ImagePath = C:\WINDOWS\system32\drivers\h8srtjntoaoddxl.sys 13:59:02:211 4572 File C:\WINDOWS\system32\drivers\h8srtjntoaoddxl.sys will be deleted on next reboot 13:59:02:271 4572 RegNode SYSTEM\CurrentControlSet\Services\H8SRTd.sys will be deleted on next reboot 13:59:02:281 4572 Scanning Kernel memory ... 13:59:02:281 4572 KLMD_OpenDevice: Trying to open KLMD device 13:59:02:281 4572 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 13:59:02:281 4572 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 13:59:02:281 4572 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85B98138 13:59:02:281 4572 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects 13:59:02:281 4572 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85B0E030 13:59:02:281 4572 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B0E030 13:59:02:281 4572 KLMD_ReadMem: Trying to ReadMemory 0x85B0E030[0x38] 13:59:02:281 4572 DetectCureTDL3: DRIVER_OBJECT addr: 85B98138 13:59:02:281 4572 KLMD_ReadMem: Trying to ReadMemory 0x85B98138[0xA8] 13:59:02:281 4572 KLMD_ReadMem: Trying to ReadMemory 0xE17240A8[0x208] 13:59:02:281 4572 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:59:02:281 4572 DetectCureTDL3: IrpHandler (0) addr: F7634BB0 13:59:02:281 4572 DetectCureTDL3: IrpHandler (1) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (2) addr: F7634BB0 13:59:02:281 4572 DetectCureTDL3: IrpHandler (3) addr: F762ED1F 13:59:02:281 4572 DetectCureTDL3: IrpHandler (4) addr: F762ED1F 13:59:02:281 4572 DetectCureTDL3: IrpHandler (5) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler 
(6) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (7) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler ( addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (9) addr: F762F2E2 13:59:02:281 4572 DetectCureTDL3: IrpHandler (10) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (11) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (12) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (13) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (14) addr: F762F3BB 13:59:02:281 4572 DetectCureTDL3: IrpHandler (15) addr: F7632F28 13:59:02:281 4572 DetectCureTDL3: IrpHandler (16) addr: F762F2E2 13:59:02:281 4572 DetectCureTDL3: IrpHandler (17) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (18) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (19) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (20) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (21) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (22) addr: F7630C82 13:59:02:281 4572 DetectCureTDL3: IrpHandler (23) addr: F763599E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (24) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (25) addr: 804FA87E 13:59:02:281 4572 DetectCureTDL3: IrpHandler (26) addr: 804FA87E 13:59:02:281 4572 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:59:02:281 4572 KLMD_ReadMem: DeviceIoControl error 1 13:59:02:281 4572 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:59:02:281 4572 TDL3_FileDetect: Processing driver: Disk 13:59:02:281 4572 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:59:02:281 4572 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:59:02:281 4572 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:59:02:351 4572 DetectCureTDL3: 1 Curr stack 
PDEVICE_OBJECT: 85B94030 13:59:02:351 4572 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B94030 13:59:02:351 4572 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85B983C8 13:59:02:351 4572 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B983C8 13:59:02:351 4572 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85B984E0 13:59:02:351 4572 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B984E0 13:59:02:351 4572 KLMD_ReadMem: Trying to ReadMemory 0x85B984E0[0x38] 13:59:02:351 4572 DetectCureTDL3: DRIVER_OBJECT addr: 85B98C28 13:59:02:351 4572 KLMD_ReadMem: Trying to ReadMemory 0x85B98C28[0xA8] 13:59:02:361 4572 KLMD_ReadMem: Trying to ReadMemory 0xE1725FE0[0x208] 13:59:02:361 4572 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 13:59:02:361 4572 DetectCureTDL3: IrpHandler (0) addr: F75426F2 13:59:02:361 4572 DetectCureTDL3: IrpHandler (1) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (2) addr: F75426F2 13:59:02:361 4572 DetectCureTDL3: IrpHandler (3) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (4) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (5) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (6) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (7) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler ( addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (9) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (10) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (11) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (12) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (13) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (14) addr: F7542712 13:59:02:361 4572 DetectCureTDL3: IrpHandler (15) addr: F753E852 13:59:02:361 4572 DetectCureTDL3: IrpHandler (16) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (17) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: 
IrpHandler (18) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (19) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (20) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (21) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (22) addr: F754273C 13:59:02:361 4572 DetectCureTDL3: IrpHandler (23) addr: F7549336 13:59:02:361 4572 DetectCureTDL3: IrpHandler (24) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (25) addr: 804FA87E 13:59:02:361 4572 DetectCureTDL3: IrpHandler (26) addr: 804FA87E 13:59:02:361 4572 KLMD_ReadMem: Trying to ReadMemory 0xF753F864[0x400] 13:59:02:361 4572 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0 13:59:02:361 4572 TDL3_FileDetect: Processing driver: atapi 13:59:02:361 4572 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk 13:59:02:361 4572 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys 13:59:02:361 4572 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys 13:59:02:461 4572 Completed Results: 13:59:02:461 4572 Infected objects in memory: 0 13:59:02:461 4572 Cured objects in memory: 0 13:59:02:461 4572 Infected objects on disk: 1 13:59:02:461 4572 Objects on disk cured on reboot: 0 13:59:02:461 4572 Objects on disk deleted on reboot: 1 13:59:02:461 4572 Registry nodes deleted on reboot: 1 13:59:02:461 4572
  3. Thank you very much, I think it works now because no more windows are opening.... However, with the first program, TDSSKiller, I don't have a report; it just found a .exe that it wanted me to destroy, which I did... MBAM report: Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3477 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 02/01/2010 16:21:01 mbam-log-2010-01-02 (16-21-01).txt Type de recherche: Examen complet (C:\|D:\|F:\|) Eléments examinés: 213018 Temps écoulé: 1 hour(s), 22 minute(s), 35 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 7 Fichier(s) infecté(s): 18 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Menu Démarrer\Programmes\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\System Volume Information\_restore{67EFE51A-F497-48AD-8DD5-8EEC54528088}\RP0\A0000111.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{67EFE51A-F497-48AD-8DD5-8EEC54528088}\RP0\A0000113.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{67EFE51A-F497-48AD-8DD5-8EEC54528088}\RP0\A0000114.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{67EFE51A-F497-48AD-8DD5-8EEC54528088}\RP1\A0000117.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully. 
C:\Documents and Settings\sam\Menu Démarrer\Programmes\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Menu Démarrer\Programmes\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Menu Démarrer\Programmes\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Bureau\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Bureau\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully. C:\WINDOWS\system32\H8SRTotoyvtdjlk.dat (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\sam\Local Settings\Temp\H8SRT4981.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. 
HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:37:52, on 02/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Common Toolkit Suite\AVEngine\AVScanningService.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Fichiers communs\Common Toolkit Suite\FighterSuiteService.exe C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\SCMain.exe C:\WINDOWS\WCMain.exe C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\sam\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com/mysearch/?ptnrS=BW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
(no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe O4 - Global 
Startup: TrayMin300.exe.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Program Files/Fichiers communs/Common Toolkit Suite/AVEngine/AVScanningService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Fichiers communs\Common Toolkit Suite\FighterSuiteService.exe O23 - Service: Service Google Update (gupdate1c9f7f9e53efeb0) (gupdate1c9f7f9e53efeb0) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11969 bytes
  4. Hello, for several days my computer has been infected by Malware Defense. After several searches I installed MBAM, but I can't run it, even in safe mode... I read a similar topic on this forum and saw that it was better to register, because each infection is handled individually... Also, I was using McAfee before the infection, but I uninstalled it in favour of Avast; I also installed ANTISPYWARE. AND FINALLY, since the infection I have had an error message before entering my password to access my desktop, which is the following: "GoogleUpdate.exe - application error: the exception breakpoint, a breakpoint has been reached (0x80000003), occurred in the application at location 0x00406eef. Click OK to terminate the program, click Cancel to debug the program." So, help, because I don't know what to do any more, and sorry for the accents, because I'm using a North American QWERTY computer. Thanks, sam b