Soucis avec mon ordinateur

Résolu
evanval Messages postés 52 Statut Membre -  
evanval Messages postés 52 Statut Membre -
Bonjour,
j'ai de gros soucis avec mon ordinateur mais je ne sais pas de quoi cela peut venir
En faisant une mise a jour de adaware hier plantage de l'ordinateur, depuis je ne peux plus l'utiliser et même le désinstaller ainsi que spybot.
Mon antivirus antivir s'arréte a 50% du scanne et l'ordi rame voir s'éteint
je ne peux plus faire grand chose dessus et mËme un antivirus en ligne n'est pas possible
Quelqu'un peut il m'orienter s'il vous plait, je n'y connais pas grand chose
merci d'avance
Configuration: Windows XP
Firefox 3.0.7

39 réponses

  • 1
  • 2
  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Bonjourrr;

    poste un rapport hijackthis (outil de diagnostic)
    Télécharge http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    --) Enregistre HJTInstall.exe sur ton bureau
    --) Double-clique sur HJTInstall.exe pour lancer le programme
    --) Par défaut, il s'installera içi C:\Programme Files\Trend Micro\HijackThis
    --) Accepte la license en cliquant sur le bouton "I Accept"
    --) Choisis l'option "Do a system scan and save a log file"
    --) Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
    --) Clique sur "Édition -> Sélectionner tout", puis sur "Édition -> Copier" pour copier tout le contenu du rapport
    --) Colle le rapport que tu viens de copier sur ce forum
    --) Ne fixe encore AUCUNE ligne,
    2
  2. evanval Messages postés 52 Statut Membre 1
     
    merci beaucoup par avance

    voici mon HijackThis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:50, on 13/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\UMStor\Res.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files\recfree\tbrec0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF77CE47-3E7A-48BC-8DB0-A870F5C2B300}: NameServer = 192.168.1.1
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Update Service (gupdate1c9764a25216d98) (gupdate1c9764a25216d98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  4. evanval Messages postés 52 Statut Membre 1
     
    voici le rapport du bloc note

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : Sindy ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:78 Go (Free:66 Go)
    D:\ (Local Disk) - NTFS - Total:107 Go (Free:57 Go)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 13/03/2009|22:15 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (Sindy) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://fr.yahoo.com/?p=us"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://fr.yahoo.com/?p=us"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://fr.yahoo.com/?p=us"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 13/03/2009|22:18 - Option : [1]

    -----------\\ Fin du rapport a 22:18:44,53
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    * Relance Toolbar-S&D en double-cliquant sur son raccourci situé sur le Bureau.
    Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression. Un rapport sera généré, sauvegarde-le.
    0
  7. evanval Messages postés 52 Statut Membre 1
     
    voici le nouveau rapport aprés suppression

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
    BIOS : Phoenix - Award BIOS v6.00PG
    USER : Sindy ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:78 Go (Free:66 Go)
    D:\ (Local Disk) - NTFS - Total:107 Go (Free:57 Go)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 14/03/2009| 8:55 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (Sindy) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://fr.yahoo.com/?p=us"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://fr.yahoo.com/?p=us"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 13/03/2009|22:18 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 14/03/2009| 9:00 - Option : [2]

    -----------\\ Fin du rapport a 9:00:18,53
    0
  8. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    Telecharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    -Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. risque de figer l'ordi

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    !\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordi (plantage complet)

    ::Si combofix detecte quelque chose et de demande a redemarer tu accepte
    0
  9. evanval Messages postés 52 Statut Membre 1
     
    le voici mais j'ai désactiver que mon antivirus mais pas malwarebyte (je n'ais pas trouvé ), j'espére que cela ne nuiera pas a la lecture de ce rapport
    merci encore de votre aide

    ComboFix 09-03-13.02 - Sindy 2009-03-14 19:29:57.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.300 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Sindy\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-14 au 2009-03-14 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-14 09:50 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\Sindy\Application Data\CyberLink
    2009-03-14 09:49 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-03-13 22:13 . 2009-03-14 09:00 <REP> d-------- C:\ToolBar SD
    2009-03-13 18:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 18:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-13 18:33 . 2009-03-13 18:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 18:33 . 2009-03-13 18:33 2,876,720 --a------ c:\program files\mbam-setup.exe
    2009-03-13 17:50 . 2009-03-13 17:50 <REP> d-------- c:\program files\Trend Micro
    2009-03-13 17:50 . 2009-03-13 17:50 812,344 --a------ c:\program files\HJTInstall.exe
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-03-13 17:04 . 2008-09-25 20:37 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2009-03-13 17:04 . 2009-03-13 17:22 <REP> d-------- c:\documents and settings\Administrateur
    2009-03-13 16:37 . 2009-03-13 16:37 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2009-03-13 12:53 . 2009-03-13 12:57 <REP> d-------- c:\windows\avxoscan
    2009-03-13 10:16 . 2009-03-13 10:16 <REP> d-------- C:\emme
    2009-03-05 16:20 . 2009-03-05 16:20 <REP> d-------- c:\documents and settings\Sindy\Application Data\Yahoo!
    2009-03-05 16:20 . 2009-03-05 16:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-05 16:20 . 2009-03-13 10:16 <REP> dr-h----- c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-05 13:31 . 2009-03-05 13:31 <REP> d-------- c:\program files\Unity
    2009-02-28 16:41 . 2009-02-28 16:41 <REP> d-------- c:\program files\RadarSyncBar2
    2009-02-28 16:32 . 2009-02-28 16:34 <REP> d-------- c:\program files\recfree
    2009-02-28 16:32 . 2009-03-13 21:23 <REP> d-------- c:\program files\GooglePlusVideos
    2009-02-28 16:32 . 2009-02-28 16:32 <REP> d-------- c:\program files\Conduit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 09:16 --------- d-----w c:\program files\Yahoo!
    2009-03-13 09:16 --------- d-----w c:\program files\Google
    2009-03-06 22:55 --------- d-----w c:\documents and settings\Sindy\Application Data\Apple Computer
    2009-03-06 12:15 --------- d-----w c:\program files\JPEG Compression
    2009-03-01 13:38 --------- d-----w c:\documents and settings\Sindy\Application Data\HP
    2009-02-26 17:13 --------- d-----w c:\documents and settings\Sindy\Application Data\Nokia
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-04 13:39 --------- d-----w c:\program files\iTunes
    2009-02-04 13:39 --------- d-----w c:\program files\iPod
    2009-02-04 13:39 --------- d-----w c:\program files\Fichiers communs\Apple
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-04 13:38 --------- d-----w c:\program files\QuickTime
    2009-02-04 13:38 --------- d-----w c:\program files\Bonjour
    2009-02-04 13:37 --------- d-----w c:\program files\Apple Software Update
    2009-02-04 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-20 09:43 --------- d-----w c:\program files\Nokia
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\PCSuite
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\Nokia
    2009-01-20 09:42 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-20 09:39 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2009-01-09 07:56 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2009-01-25 12:57 28,672 ----a-w c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
    2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092220080929\index.dat
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100920081010\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
    2008-09-15 06:47 1784856 --a------ c:\program files\recfree\tbrec0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
    2009-02-28 16:41 1883672 --a------ c:\program files\RadarSyncBar2\tbRad1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{15C93148-34FE-47E6-88E5-37607A3002F3}"= "c:\program files\recfree\tbrec0.dll" [2008-09-15 1784856]
    "{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-26 106561]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S2 gupdate1c9764a25216d98;Google Update Service (gupdate1c9764a25216d98);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-14 133104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d3}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-14 c:\windows\Tasks\User_Feed_Synchronization-{32F996BD-7BE8-4922-AA97-291D0F287092}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.yahoo.com
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    TCP: {AF77CE47-3E7A-48BC-8DB0-A870F5C2B300} = 192.168.1.1
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Sindy\Application Data\Mozilla\Firefox\Profiles\9epm8ajj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
    FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-14 19:41:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(2940)
    c:\progra~1\WINDOW~2\wmpband.dll
    .
    Heure de fin: 2009-03-14 19:47:46
    ComboFix-quarantined-files.txt 2009-03-14 18:47:33

    Avant-CF: 71 649 116 160 octets libres
    Après-CF: 71,641,395,200 octets libres

    205 --- E O F --- 2009-03-14 00:48:44
    0
  10. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    ****************************************************

    /!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

    Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

    Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

    File::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d3}]


    Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  11. evanval Messages postés 52 Statut Membre 1
     
    voici le nouveau combofix, je fais l'autre toute suite
    ComboFix 09-03-13.02 - Sindy 2009-03-15 9:21:16.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.251 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Sindy\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Sindy\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-15 au 2009-03-15 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-14 09:50 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\Sindy\Application Data\CyberLink
    2009-03-14 09:49 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-03-13 22:13 . 2009-03-14 09:00 <REP> d-------- C:\ToolBar SD
    2009-03-13 18:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 18:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-13 18:33 . 2009-03-13 18:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 18:33 . 2009-03-13 18:33 2,876,720 --a------ c:\program files\mbam-setup.exe
    2009-03-13 17:50 . 2009-03-13 17:50 <REP> d-------- c:\program files\Trend Micro
    2009-03-13 17:50 . 2009-03-13 17:50 812,344 --a------ c:\program files\HJTInstall.exe
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-03-13 17:04 . 2008-09-25 20:37 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2009-03-13 17:04 . 2009-03-13 17:22 <REP> d-------- c:\documents and settings\Administrateur
    2009-03-13 16:37 . 2009-03-13 16:37 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2009-03-13 12:53 . 2009-03-13 12:57 <REP> d-------- c:\windows\avxoscan
    2009-03-13 10:16 . 2009-03-13 10:16 <REP> d-------- C:\emme
    2009-03-05 16:20 . 2009-03-05 16:20 <REP> d-------- c:\documents and settings\Sindy\Application Data\Yahoo!
    2009-03-05 16:20 . 2009-03-05 16:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-05 16:20 . 2009-03-13 10:16 <REP> dr-h----- c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-05 13:31 . 2009-03-05 13:31 <REP> d-------- c:\program files\Unity
    2009-02-28 16:41 . 2009-02-28 16:41 <REP> d-------- c:\program files\RadarSyncBar2
    2009-02-28 16:32 . 2009-02-28 16:34 <REP> d-------- c:\program files\recfree
    2009-02-28 16:32 . 2009-03-13 21:23 <REP> d-------- c:\program files\GooglePlusVideos
    2009-02-28 16:32 . 2009-02-28 16:32 <REP> d-------- c:\program files\Conduit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 09:16 --------- d-----w c:\program files\Yahoo!
    2009-03-13 09:16 --------- d-----w c:\program files\Google
    2009-03-06 22:55 --------- d-----w c:\documents and settings\Sindy\Application Data\Apple Computer
    2009-03-06 12:15 --------- d-----w c:\program files\JPEG Compression
    2009-03-01 13:38 --------- d-----w c:\documents and settings\Sindy\Application Data\HP
    2009-02-26 17:13 --------- d-----w c:\documents and settings\Sindy\Application Data\Nokia
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-04 13:39 --------- d-----w c:\program files\iTunes
    2009-02-04 13:39 --------- d-----w c:\program files\iPod
    2009-02-04 13:39 --------- d-----w c:\program files\Fichiers communs\Apple
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-04 13:38 --------- d-----w c:\program files\QuickTime
    2009-02-04 13:38 --------- d-----w c:\program files\Bonjour
    2009-02-04 13:37 --------- d-----w c:\program files\Apple Software Update
    2009-02-04 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-20 09:43 --------- d-----w c:\program files\Nokia
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\PCSuite
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\Nokia
    2009-01-20 09:42 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-20 09:39 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2009-01-09 07:56 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2009-01-25 12:57 28,672 ----a-w c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
    2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092220080929\index.dat
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100920081010\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
    2008-09-15 06:47 1784856 --a------ c:\program files\recfree\tbrec0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
    2009-02-28 16:41 1883672 --a------ c:\program files\RadarSyncBar2\tbRad1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{15C93148-34FE-47E6-88E5-37607A3002F3}"= "c:\program files\recfree\tbrec0.dll" [2008-09-15 1784856]
    "{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-26 106561]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S2 gupdate1c9764a25216d98;Google Update Service (gupdate1c9764a25216d98);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-14 133104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d3}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-14 c:\windows\Tasks\User_Feed_Synchronization-{32F996BD-7BE8-4922-AA97-291D0F287092}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.yahoo.com
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    TCP: {AF77CE47-3E7A-48BC-8DB0-A870F5C2B300} = 192.168.1.1
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Sindy\Application Data\Mozilla\Firefox\Profiles\9epm8ajj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
    FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 09:43:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(3976)
    c:\progra~1\WINDOW~2\wmpband.dll
    .
    Heure de fin: 2009-03-15 9:57:09
    ComboFix-quarantined-files.txt 2009-03-15 08:56:52
    ComboFix2.txt 2009-03-14 18:47:59

    Avant-CF: 71 627 112 448 octets libres
    Après-CF: 71,614,922,752 octets libres

    209 --- E O F --- 2009-03-14 00:48:44
    0
  12. evanval Messages postés 52 Statut Membre 1
     
    voici le nouveau hijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:12:47, on 15/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\UMStor\Res.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files\recfree\tbrec0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF77CE47-3E7A-48BC-8DB0-A870F5C2B300}: NameServer = 192.168.1.1
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Update Service (gupdate1c9764a25216d98) (gupdate1c9764a25216d98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  13. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    fait un copier coller de mon message 9 car tu écrit File:: en majuscule

    File::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversio­n\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d­3}]

    0
  14. evanval Messages postés 52 Statut Membre 1
     
    je vais le refaire mais je ne comprends pas trop ce qui est en majuscule car tout à l'heure j'ai fais un copier coller je n'ais rien changer
    je reessais
    0
  15. evanval Messages postés 52 Statut Membre 1
     
    je l'ai refais mais je crois que c'est le même souci le voici, je ne comprends pas car je fais vraiment un copier coller de ce que vous m'avez mis
    faut-il que j'essaie de mettre le F de file en minuscule ?

    ComboFix 09-03-13.02 - Sindy 2009-03-15 13:48:48.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.233 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Sindy\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Sindy\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-15 au 2009-03-15 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 11:18 . 2009-03-15 11:18 <REP> d-------- c:\program files\Avira
    2009-03-15 11:18 . 2009-03-15 11:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-14 09:50 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\Sindy\Application Data\CyberLink
    2009-03-14 09:49 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-03-13 22:13 . 2009-03-14 09:00 <REP> d-------- C:\ToolBar SD
    2009-03-13 18:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 18:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-13 18:33 . 2009-03-13 18:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 18:33 . 2009-03-13 18:33 2,876,720 --a------ c:\program files\mbam-setup.exe
    2009-03-13 17:50 . 2009-03-13 17:50 <REP> d-------- c:\program files\Trend Micro
    2009-03-13 17:50 . 2009-03-13 17:50 812,344 --a------ c:\program files\HJTInstall.exe
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-03-13 17:04 . 2008-09-25 20:37 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2009-03-13 17:04 . 2009-03-13 17:22 <REP> d-------- c:\documents and settings\Administrateur
    2009-03-13 16:37 . 2009-03-13 16:37 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2009-03-13 12:53 . 2009-03-13 12:57 <REP> d-------- c:\windows\avxoscan
    2009-03-13 10:16 . 2009-03-13 10:16 <REP> d-------- C:\emme
    2009-03-05 16:20 . 2009-03-05 16:20 <REP> d-------- c:\documents and settings\Sindy\Application Data\Yahoo!
    2009-03-05 16:20 . 2009-03-05 16:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-05 16:20 . 2009-03-13 10:16 <REP> dr-h----- c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-05 13:31 . 2009-03-05 13:31 <REP> d-------- c:\program files\Unity
    2009-02-28 16:41 . 2009-02-28 16:41 <REP> d-------- c:\program files\RadarSyncBar2
    2009-02-28 16:32 . 2009-02-28 16:34 <REP> d-------- c:\program files\recfree
    2009-02-28 16:32 . 2009-03-13 21:23 <REP> d-------- c:\program files\GooglePlusVideos
    2009-02-28 16:32 . 2009-02-28 16:32 <REP> d-------- c:\program files\Conduit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 09:16 --------- d-----w c:\program files\Yahoo!
    2009-03-13 09:16 --------- d-----w c:\program files\Google
    2009-03-06 22:55 --------- d-----w c:\documents and settings\Sindy\Application Data\Apple Computer
    2009-03-06 12:15 --------- d-----w c:\program files\JPEG Compression
    2009-03-01 13:38 --------- d-----w c:\documents and settings\Sindy\Application Data\HP
    2009-02-26 17:13 --------- d-----w c:\documents and settings\Sindy\Application Data\Nokia
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-04 13:39 --------- d-----w c:\program files\iTunes
    2009-02-04 13:39 --------- d-----w c:\program files\iPod
    2009-02-04 13:39 --------- d-----w c:\program files\Fichiers communs\Apple
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-04 13:38 --------- d-----w c:\program files\QuickTime
    2009-02-04 13:38 --------- d-----w c:\program files\Bonjour
    2009-02-04 13:37 --------- d-----w c:\program files\Apple Software Update
    2009-02-04 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-20 09:43 --------- d-----w c:\program files\Nokia
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\PCSuite
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\Nokia
    2009-01-20 09:42 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-20 09:39 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2009-01-09 07:56 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2009-01-25 12:57 28,672 ----a-w c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
    2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092220080929\index.dat
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100920081010\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-14_19.43.55,68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
    + 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
    - 2008-11-25 12:15:59 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
    + 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
    - 2007-03-01 08:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
    + 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
    2008-09-15 06:47 1784856 --a------ c:\program files\recfree\tbrec0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
    2009-02-28 16:41 1883672 --a------ c:\program files\RadarSyncBar2\tbRad1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{15C93148-34FE-47E6-88E5-37607A3002F3}"= "c:\program files\recfree\tbrec0.dll" [2008-09-15 1784856]
    "{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-26 106561]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S2 gupdate1c9764a25216d98;Google Update Service (gupdate1c9764a25216d98);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-14 133104]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - ANTIVIRSCHEDULER
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d3}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{32F996BD-7BE8-4922-AA97-291D0F287092}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.yahoo.com
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    TCP: {AF77CE47-3E7A-48BC-8DB0-A870F5C2B300} = 192.168.1.1
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Sindy\Application Data\Mozilla\Firefox\Profiles\9epm8ajj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
    FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 14:10:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(4040)
    c:\progra~1\WINDOW~2\wmpband.dll
    .
    Heure de fin: 2009-03-15 14:22:07
    ComboFix-quarantined-files.txt 2009-03-15 13:21:53
    ComboFix2.txt 2009-03-15 08:57:23
    ComboFix3.txt 2009-03-14 18:47:59

    Avant-CF: 71,432,581,120 octets libres
    Après-CF: 71,418,540,032 octets libres

    227 --- E O F --- 2009-03-14 00:48:44
    0
  16. evanval Messages postés 52 Statut Membre 1
     
    j'ai réinstallé antivir car mon antivirus ne fonctionné plus et il m'a trouvé ce virus TR/Trash.Gen
    je l'ai mis en quarantaine mais ne sais pas si je dois le suprimer car il se trouve dans la restauration systeme
    merci encore de votre aide
    0
  17. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    tu suprime se que antivir a trouver

    ****************************************************

    /!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

    Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

    Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

    Killall::

    File::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversio­n\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d­3}]

    Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  18. evanval Messages postés 52 Statut Membre 1
     
    voici le rapport conbofix
    ComboFix 09-03-13.02 - Sindy 2009-03-16 7:49:58.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.269 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Sindy\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Sindy\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-16 07:46 . 2009-03-16 07:46 <REP> d-------- C:\32788R22FWJFW
    2009-03-15 21:07 . 2009-03-15 21:10 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-15 20:56 . 2009-03-15 21:06 16,409,960 --a------ c:\program files\spybotsd162.exe
    2009-03-15 15:46 . 2009-03-15 17:06 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared
    2009-03-15 15:45 . 2009-03-15 17:05 <REP> d-------- c:\program files\Norton Security Scan
    2009-03-15 11:18 . 2009-03-15 11:18 <REP> d-------- c:\program files\Avira
    2009-03-15 11:18 . 2009-03-15 11:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-14 09:50 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\Sindy\Application Data\CyberLink
    2009-03-14 09:49 . 2009-03-14 09:51 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-03-13 22:13 . 2009-03-14 09:00 <REP> d-------- C:\ToolBar SD
    2009-03-13 18:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 18:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-13 18:33 . 2009-03-13 18:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 18:33 . 2009-03-13 18:33 2,876,720 --a------ c:\program files\mbam-setup.exe
    2009-03-13 17:50 . 2009-03-13 17:50 <REP> d-------- c:\program files\Trend Micro
    2009-03-13 17:50 . 2009-03-13 17:50 812,344 --a------ c:\program files\HJTInstall.exe
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-03-13 17:04 . 2008-09-25 20:37 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2009-03-13 17:04 . 2008-09-25 21:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2009-03-13 17:04 . 2009-03-13 17:22 <REP> d-------- c:\documents and settings\Administrateur
    2009-03-13 16:37 . 2009-03-15 15:18 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2009-03-13 12:53 . 2009-03-13 12:57 <REP> d-------- c:\windows\avxoscan
    2009-03-13 10:16 . 2009-03-13 10:16 <REP> d-------- C:\emme
    2009-03-05 16:20 . 2009-03-05 16:20 <REP> d-------- c:\documents and settings\Sindy\Application Data\Yahoo!
    2009-03-05 16:20 . 2009-03-05 16:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-05 16:20 . 2009-03-13 10:16 <REP> dr-h----- c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-05 13:31 . 2009-03-05 13:31 <REP> d-------- c:\program files\Unity
    2009-02-28 16:41 . 2009-02-28 16:41 <REP> d-------- c:\program files\RadarSyncBar2
    2009-02-28 16:32 . 2009-02-28 16:34 <REP> d-------- c:\program files\recfree
    2009-02-28 16:32 . 2009-03-13 21:23 <REP> d-------- c:\program files\GooglePlusVideos
    2009-02-28 16:32 . 2009-02-28 16:32 <REP> d-------- c:\program files\Conduit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-15 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 09:16 --------- d-----w c:\program files\Yahoo!
    2009-03-13 09:16 --------- d-----w c:\program files\Google
    2009-03-06 22:55 --------- d-----w c:\documents and settings\Sindy\Application Data\Apple Computer
    2009-03-06 12:15 --------- d-----w c:\program files\JPEG Compression
    2009-03-01 13:38 --------- d-----w c:\documents and settings\Sindy\Application Data\HP
    2009-02-26 17:13 --------- d-----w c:\documents and settings\Sindy\Application Data\Nokia
    2009-02-04 13:39 --------- d-----w c:\program files\iTunes
    2009-02-04 13:39 --------- d-----w c:\program files\iPod
    2009-02-04 13:39 --------- d-----w c:\program files\Fichiers communs\Apple
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-04 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-04 13:38 --------- d-----w c:\program files\QuickTime
    2009-02-04 13:38 --------- d-----w c:\program files\Bonjour
    2009-02-04 13:37 --------- d-----w c:\program files\Apple Software Update
    2009-02-04 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-20 09:43 --------- d-----w c:\program files\Nokia
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\PCSuite
    2009-01-20 09:43 --------- d-----w c:\program files\Fichiers communs\Nokia
    2009-01-20 09:42 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-20 09:39 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2009-01-25 12:57 28,672 ----a-w c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
    2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092220080929\index.dat
    2008-10-09 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100920081010\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-14_19.43.55,68 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-15 14:18:55 42,248 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
    + 2009-03-15 14:18:56 27,912 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
    + 2009-03-15 14:18:58 73,728 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
    + 2009-03-15 14:19:00 83,296 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
    - 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
    + 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
    - 2008-11-25 12:15:59 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
    + 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
    - 2007-03-01 08:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
    + 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
    2008-09-15 06:47 1784856 --a------ c:\program files\recfree\tbrec0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
    2009-02-28 16:41 1883672 --a------ c:\program files\RadarSyncBar2\tbRad1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{15C93148-34FE-47E6-88E5-37607A3002F3}"= "c:\program files\recfree\tbrec0.dll" [2008-09-15 1784856]
    "{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2009-02-28 1883672]

    [HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

    [HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-26 106561]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S2 gupdate1c9764a25216d98;Google Update Service (gupdate1c9764a25216d98);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-14 133104]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-03-15 101936]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d3}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{32F996BD-7BE8-4922-AA97-291D0F287092}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.yahoo.com
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    TCP: {AF77CE47-3E7A-48BC-8DB0-A870F5C2B300} = 192.168.1.1
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Sindy\Application Data\Mozilla\Firefox\Profiles\9epm8ajj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
    FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-16 07:52:38
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
    c:\windows\system32\HPZipm12.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-16 7:58:22 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-16 06:58:18
    ComboFix2.txt 2009-03-15 13:22:20
    ComboFix3.txt 2009-03-15 08:57:23
    ComboFix4.txt 2009-03-14 18:47:59

    Avant-CF: 74 840 997 888 octets libres
    Après-CF: 74,831,761,408 octets libres

    251 --- E O F --- 2009-03-14 00:48:44
    0
  19. evanval Messages postés 52 Statut Membre 1
     
    le rapport hijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:03:14, on 16/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\UMStor\Res.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Orange\systray\systrayapp.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files\recfree\tbrec0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF77CE47-3E7A-48BC-8DB0-A870F5C2B300}: NameServer = 192.168.1.1
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Update Service (gupdate1c9764a25216d98) (gupdate1c9764a25216d98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  20. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :Processes

    :Services

    :files
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

    :Reg
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fba852e-aa78-11dd-b78d-0011d8d072d3}]

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

    0
  21. evanval Messages postés 52 Statut Membre 1
     
    je l'ai lancer et il s'ouvre mais il attends que je fasse qelquechose mais je ne sais pas quoi
    j'ai copier votre texte mais pouvez vous me dire où je le met s'il vous plait
    0
  • 1
  • 2