Posted
While I'm at it, I'd like to point out that ZoneAlarm doesn't recognise AVG 8.

As I use neither of the two, I won't be able to help you with that.

That might deserve a new topic in "Software".

Posted

Here I am again, with my little problems.

And the LopSD report :P :

Thanks in advance for the analysis:


--------------------\\ Lop S&D 4.2.4-8 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.1

USER : Chef ( Administrator )

BOOT : Normal boot

Antivirus : ZoneAlarm Security Suite Antivirus 7.0.483.000 (Not Activated)

Firewall : ZoneAlarm Security Suite Firewall 7.0.483.000 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)

D:\ (Local Disk) - FAT32 - Total:35 Go (Free:15 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (USB) - FAT32 - Total:980 Mo (Free:0 Go)

H:\ (USB) - FAT32 - Total:1963 Mo (Free:0 Go)

I:\ (Local Disk) - NTFS - Total:279 Go (Free:134 Go)

 

"C:\Lop SD" ( MAJ : 27-10-2008|09:15 )

Option : [1] ( 28/10/2008|14:27 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[30/03/2005|23:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[30/03/2005|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[22/09/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[19/07/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[20/01/2008|20:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[20/01/2008|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[12/10/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[23/06/2005|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink

[25/04/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard

[18/06/2005|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel

[09/10/2008|11:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[12/10/2008|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[27/10/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[30/03/2005|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[26/12/2005|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy

[09/10/2008|01:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pobclqpk

[29/06/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[18/07/2007|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[30/06/2005|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[28/06/2008|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

[31/08/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[30/03/2005|23:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[30/03/2005|23:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[23/06/2005|15:12] C:\DOCUME~1\CHEF\APPLIC~1\Adobe

[19/07/2005|20:26] C:\DOCUME~1\CHEF\APPLIC~1\AdobeUM

[20/01/2008|20:27] C:\DOCUME~1\CHEF\APPLIC~1\Apple Computer

[12/10/2008|19:55] C:\DOCUME~1\CHEF\APPLIC~1\AVGTOOLBAR

[22/06/2005|23:43] C:\DOCUME~1\CHEF\APPLIC~1\CyberLink

[11/11/2006|17:30] C:\DOCUME~1\CHEF\APPLIC~1\dvdcss

[22/06/2005|22:50] C:\DOCUME~1\CHEF\APPLIC~1\Help

[30/03/2005|23:44] C:\DOCUME~1\CHEF\APPLIC~1\Identities

[22/06/2005|23:31] C:\DOCUME~1\CHEF\APPLIC~1\Intel

[30/06/2005|15:41] C:\DOCUME~1\CHEF\APPLIC~1\Lavasoft

[28/06/2005|18:01] C:\DOCUME~1\CHEF\APPLIC~1\Macromedia

[12/10/2008|23:05] C:\DOCUME~1\CHEF\APPLIC~1\MailFrontier

[27/10/2008|17:44] C:\DOCUME~1\CHEF\APPLIC~1\Malwarebytes

[22/07/2005|11:14] C:\DOCUME~1\CHEF\APPLIC~1\Media Player Classic

[30/03/2005|23:29] C:\DOCUME~1\CHEF\APPLIC~1\Microsoft

[28/06/2005|15:23] C:\DOCUME~1\CHEF\APPLIC~1\Mozilla

[18/07/2007|21:40] C:\DOCUME~1\CHEF\APPLIC~1\MSNInstaller

[25/04/2008|10:52] C:\DOCUME~1\CHEF\APPLIC~1\OpenOffice.org2

[26/11/2006|15:07] C:\DOCUME~1\CHEF\APPLIC~1\Opera

[08/10/2008|23:44] C:\DOCUME~1\CHEF\APPLIC~1\SecuROM

[18/07/2007|22:04] C:\DOCUME~1\CHEF\APPLIC~1\Skype

[18/04/2007|17:15] C:\DOCUME~1\CHEF\APPLIC~1\Sun

[28/06/2008|21:45] C:\DOCUME~1\CHEF\APPLIC~1\TomTom

[11/11/2006|17:31] C:\DOCUME~1\CHEF\APPLIC~1\vlc

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[26/07/2008 05:01][--a------] C:\WINDOWS\tasks\arret ordinateur.job

[27/10/2008 21:30][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[28/10/2008 14:10][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[18/06/2005|22:38] C:\Program Files\acer

[30/03/2005|23:57] C:\Program Files\Acer Inc

[30/03/2005|23:59] C:\Program Files\Adobe

[20/01/2008|20:25] C:\Program Files\Apple Software Update

[31/03/2005|00:00] C:\Program Files\Arcade

[18/06/2005|22:34] C:\Program Files\ATI Technologies

[30/07/2008|22:37] C:\Program Files\Audacity

[09/10/2008|00:35] C:\Program Files\AvantGo Connect

[12/10/2008|19:55] C:\Program Files\AVG

[11/11/2006|15:05] C:\Program Files\AviSynth 2.5

[08/10/2008|18:36] C:\Program Files\Bayo

[22/09/2008|15:30] C:\Program Files\Bonjour

[22/05/2008|17:47] C:\Program Files\Canal

[29/06/2005|17:41] C:\Program Files\Canon

[09/10/2008|10:20] C:\Program Files\cjxgsve

[06/07/2005|16:37] C:\Program Files\Common Files

[30/03/2005|23:35] C:\Program Files\ComPlus Applications

[30/03/2005|23:52] C:\Program Files\CONEXANT

[31/03/2005|00:01] C:\Program Files\CyberLink

[09/10/2008|00:27] C:\Program Files\Database Conversion Wizard

[09/10/2008|01:56] C:\Program Files\dhahmac

[30/06/2005|15:59] C:\Program Files\D-Tools

[23/06/2005|12:14] C:\Program Files\DVD Shrink

[28/06/2005|18:32] C:\Program Files\EPSON

[11/11/2006|15:04] C:\Program Files\ffdshow

[30/03/2005|23:29] C:\Program Files\Fichiers communs

[12/09/2007|16:22] C:\Program Files\Geogebra

[21/03/2006|17:43] C:\Program Files\Geoplan-Geospace

[22/06/2005|21:54] C:\Program Files\Grisoft

[30/03/2005|23:44] C:\Program Files\InstallShield Installation Information

[30/03/2005|23:45] C:\Program Files\Intel

[30/03/2005|23:35] C:\Program Files\Internet Explorer

[22/09/2008|15:46] C:\Program Files\iPod

[22/09/2008|15:46] C:\Program Files\iTunes

[19/07/2007|22:31] C:\Program Files\IZArc

[16/01/2007|10:36] C:\Program Files\Java

[22/07/2005|11:13] C:\Program Files\K-Lite Codec Pack

[18/06/2005|22:38] C:\Program Files\Launch Manager

[30/06/2005|15:28] C:\Program Files\Lavalys

[30/06/2005|15:40] C:\Program Files\Lavasoft

[27/10/2008|17:44] C:\Program Files\Malwarebytes' Anti-Malware

[30/03/2005|23:34] C:\Program Files\Messenger

[05/04/2006|22:39] C:\Program Files\Microsoft ActiveSync

[30/03/2005|23:38] C:\Program Files\microsoft frontpage

[23/06/2005|10:59] C:\Program Files\Microsoft Office

[23/06/2005|10:59] C:\Program Files\Microsoft Visual Studio

[18/06/2005|22:42] C:\Program Files\Microsoft Works

[23/06/2005|11:00] C:\Program Files\Microsoft.NET

[18/11/2006|18:44] C:\Program Files\Morgan

[30/03/2005|23:36] C:\Program Files\Movie Maker

[28/06/2005|15:22] C:\Program Files\Mozilla Firefox

[30/03/2005|23:34] C:\Program Files\MSN

[30/03/2005|23:34] C:\Program Files\MSN Gaming Zone

[02/08/2007|20:43] C:\Program Files\MSN Messenger

[26/11/2006|16:47] C:\Program Files\MSXML 4.0

[22/05/2008|17:43] C:\Program Files\MSXML 6.0

[11/11/2006|15:01] C:\Program Files\NeoDivx Suite

[18/11/2006|18:43] C:\Program Files\neodivx2006

[30/03/2005|23:36] C:\Program Files\NetMeeting

[31/03/2005|00:06] C:\Program Files\NewTech Infosystems

[30/03/2005|23:34] C:\Program Files\Online Services

[25/04/2008|10:50] C:\Program Files\OpenOffice.org 2.4

[26/11/2006|15:07] C:\Program Files\Opera

[30/03/2005|23:36] C:\Program Files\Outlook Express

[23/06/2005|15:02] C:\Program Files\photoshop

[06/07/2005|16:28] C:\Program Files\Publication Web

[22/09/2008|15:45] C:\Program Files\QuickTime

[26/03/2008|00:17] C:\Program Files\Red Kawa

[30/03/2005|23:36] C:\Program Files\Services en ligne

[18/07/2007|22:04] C:\Program Files\Skype

[30/06/2005|16:07] C:\Program Files\SpeedMenus

[30/06/2005|16:33] C:\Program Files\Spybot - Search & Destroy

[30/03/2005|23:54] C:\Program Files\Synaptics

[05/03/2008|16:03] C:\Program Files\Synology Download Redirector

[20/03/2007|21:39] C:\Program Files\Thomson

[28/06/2008|21:42] C:\Program Files\TomTom DesktopSuite

[28/06/2008|21:45] C:\Program Files\TomTom HOME 2

[30/03/2005|23:44] C:\Program Files\Uninstall Information

[11/11/2006|17:29] C:\Program Files\VideoLAN

[20/03/2007|21:31] C:\Program Files\Wanadoo

[20/03/2007|21:53] C:\Program Files\Wanadoo Messager

[11/11/2006|15:04] C:\Program Files\WinASPI

[22/05/2008|15:24] C:\Program Files\Windows Media Connect 2

[30/03/2005|23:34] C:\Program Files\Windows Media Player

[30/03/2005|23:34] C:\Program Files\Windows NT

[30/03/2005|23:36] C:\Program Files\WindowsUpdate

[18/06/2005|22:35] C:\Program Files\WinPCap

[18/11/2006|18:44] C:\Program Files\x264

[30/03/2005|23:38] C:\Program Files\xerox

[18/11/2006|18:44] C:\Program Files\XviD

[25/04/2008|10:48] C:\Program Files\Zero G Registry

[12/10/2008|22:53] C:\Program Files\Zone Labs

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[23/06/2005|15:09] C:\Program Files\Fichiers communs\Adobe

[22/09/2008|11:47] C:\Program Files\Fichiers communs\Adobe AIR

[20/01/2008|20:24] C:\Program Files\Fichiers communs\Apple

[08/10/2008|21:05] C:\Program Files\Fichiers communs\Bayo

[23/06/2005|10:59] C:\Program Files\Fichiers communs\DESIGNER

[22/09/2008|14:36] C:\Program Files\Fichiers communs\EPSON

[30/03/2005|23:44] C:\Program Files\Fichiers communs\InstallShield

[16/01/2007|10:34] C:\Program Files\Fichiers communs\Java

[30/03/2005|23:29] C:\Program Files\Fichiers communs\Microsoft Shared

[30/03/2005|23:36] C:\Program Files\Fichiers communs\MSSoap

[31/03/2005|00:06] C:\Program Files\Fichiers communs\muvee Technologies

[31/03/2005|00:06] C:\Program Files\Fichiers communs\NewTech Infosystems

[30/03/2005|23:29] C:\Program Files\Fichiers communs\ODBC

[30/03/2005|23:36] C:\Program Files\Fichiers communs\Services

[30/03/2005|23:29] C:\Program Files\Fichiers communs\SpeechEngines

[30/03/2005|23:35] C:\Program Files\Fichiers communs\System

[09/10/2008|11:06] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 57 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 14:29:55

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:24][D:27]-> C:\DOCUME~1\Chef\LOCALS~1\Temp

[F:7][D:0]-> C:\DOCUME~1\Chef\Cookies

[F:12][D:4]-> C:\DOCUME~1\Chef\LOCALS~1\TEMPOR~1\content.IE5

[F:10][D:6]-> C:\Recycled

 

1 - "C:\Lop SD\LopR_1.txt" - 28/10/2008|14:30 - Option : [1]

 

--------------------\\ Fin du rapport a 14:30:55

Posted

Download OTMoveIt3 by OldTimer to the desktop.

Double-click OTMoveIt3.exe to launch it.

On Vista, right-click the file -> choose Run as administrator

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

CODE(Exemples)

:Processes

 

:Services

 

:Reg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"JxzMHTRiLZ"=-

 

:Files

c:\documents and settings\all users\application data\pobclqpk\fgpqvsng.exe

c:\documents and settings\all users\application data\pobclqpk

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

 

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the latest .log file

Copy/paste its contents into your next reply


Posted

I did as I was told, but I don't understand any of it :P :P

Well done to those who do understand!!!!!!!!!

Here is the report in question.

I have at least understood that I shouldn't have copied the first line CODES...

But as for the rest, I don't really see what was deleted

Report:


Error: Unable to interpret <CODE(Exemples)> in the current context!

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\JxzMHTRiLZ deleted successfully.

========== FILES ==========

File/Folder c:\documents and settings\all users\application data\pobclqpk\fgpqvsng.exe not found.

c:\documents and settings\all users\application data\pobclqpk moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Chef\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Chef\LOCALS~1\Temp\~DFFB11.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\ZLT04e48.TMP scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ZLT04e4e.TMP scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.

Opera cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10282008_152634

 

Files moved on Reboot...

C:\DOCUME~1\Chef\LOCALS~1\Temp\WCESLog.log moved successfully.

C:\DOCUME~1\Chef\LOCALS~1\Temp\~DFFB11.tmp moved successfully.

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\ZLT04e48.TMP not found!

File C:\WINDOWS\temp\ZLT04e4e.TMP not found!

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.

C:\Documents and Settings\Chef\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.

Posted
I did as I was told, but I don't understand any of it

OTMoveIt removed the infections, not only in the files indicated but also in the temporary files, which it also emptied.

The same goes for Opera.

I think the next HijackThis report you post for me will be spotless. :P

Posted
I think the next HijackThis report you post for me will be spotless. :P

I very, very much want to share your enthusiasm.

Thanks again for the time you are devoting to me. :P

Report:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:28:51, on 28/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Canal\Canal Widget\Canal Widget.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\SpeedMenus\speedmenus.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\Program Files\Opera\Opera.exe

C:\karcher\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [WinApiSmart] C:\WINDOWS\system32\xmrqjsje.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: SpeedMenus v1.lnk = C:\Program Files\SpeedMenus\speedmenus.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.canal-plus.com (HKLM)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119366467449

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: AdmAct - {2C8FD2F2-5E7B-BCC9-E962-08E3E51BF6FC} - C:\Program Files\cjxgsve\AdmAct.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 10579 bytes

Posted

There is no longer any trace of infection in your report.

But you have some useless odds and ends cluttering up your system.

This, for example, which you should uninstall:

C:\Program Files\Bonjour\mDNSResponder.exe

or this, which is unnecessary at startup

In HijackThis, tick these lines and then click Fix checked:

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Remove Ctfmon

Removing the alternative user input features of Text Services

Start -> Control Panel.

-> Date, Time, Language, and Regional Options,

-> Regional and Language Options.

On the Languages tab, click Details.

Under Installed services, select each input item listed,

-> click Remove to remove that item.

All items must be removed, one by one, except for the following input service:

French (France) – keyboard: French

Then

Start -> Run ->

Type:

Regsvr32.exe /u msimtf.dll

Click OK.

Repeat for the file Msctf.dll.
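
An added example, not part of the original posts and not HijackThis's own code: a Python parser that breaks `O4` autostart lines like those in the log above into location, value name, executable path and arguments, then checks which lines of a fix list actually occur in a given log. The sample log and fix list are a constructed excerpt of lines quoted in this thread, and the function names are assumptions made for this example.

```python
import re

# Constructed sample: a few lines copied from the log and the reply in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
FIX_LIST = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
""".splitlines()

RUN_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\'
                    r'(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
LNK_RE = re.compile(r'^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.I)

def split_command(cmd):
    """Split an O4 command into (executable path, arguments)."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd)  # annotation on HKUS lines, not part of the command
    if cmd.startswith('"'):                        # quoted path ends at the closing quote
        path, _, rest = cmd[1:].partition('"')
        return path, rest.strip()
    m = EXE_RE.match(cmd)                          # unquoted path may itself contain spaces
    return (m.group(1), m.group(2) or "") if m else (cmd, "")

def parse_o4(line):
    """Return a dict describing one O4 autostart line, or None for any other line."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        where = "\\".join(p for p in (m["hive"], m["sid"], m["key"]) if p)
    else:
        m = LNK_RE.match(line)
        if not m:
            return None
        where = m["scope"]
    path, args = split_command(m["cmd"])
    return {"where": where, "name": m["name"], "path": path, "args": args}

def check_fix_list(log_text, fix_lines):
    """Split the lines to tick into (present in the log, absent from the log)."""
    in_log = {l.strip() for l in log_text.splitlines() if parse_o4(l)}
    wanted = [l.strip() for l in fix_lines if l.strip()]
    return [l for l in wanted if l in in_log], [l for l in wanted if l not in in_log]
```

Lines reported as absent come from a different scan than the log being checked, so they will not appear in the HijackThis list to tick.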

Posted

There you go, pear,

I've done everything... :P

I rebooted my laptop, which then rebooted again during startup and then came up correctly.

I took advantage of the previous step to also fix:

 

O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"

 

which was starting to annoy me. I'll launch it only when I need it.

Thanks again for everything.

I'm starting a slow scan with AVG 8 to see whether everything is fine. :P

Posted

Here I am again, pear :P , and thanks once more for all the time you've devoted. :P

AVG8 only detected spyware on an external hard drive and cleaned it.

For info, it started before ZoneAlarm, and the latter did not leave an error message like the one mentioned earlier.

I hope it will be all right...

Should I post one last HijackThis?
