Trojan and Dropper Infection

Solved
jthievre Posts 11 Status Member -  
ep44 Posts 7415 Registration date   Status Contributor Last activity   -
Hello,

my system is infected: trojan (TR/Vundo.Gen) + dropper

AntiVir and CCleaner could not get rid of it.

I am attaching the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:48, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11516 bytes
Configuration: Windows XP
Firefox 2.0.0.12

10 replies

  1. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    Hello,
    we'll try to help you :-)

    you'll start by renaming HijackThis
    to do this, go to C: ==> Program Files ==> Trend Micro ==> HijackThis, open it, and you'll find another HijackThis, which you rename to jthievre for example, then paste a new report, please

    next
    Download to the Desktop.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-click VundoFix.exe.
    => Click OK
    => Wait for VundoFix to restart
    => Click Scan for Vundo
    => The scan is quite long; at the end
    => Click Remove Vundo
    => Then Yes
    => The Desktop disappears for a moment while the files are being deleted.
    => Shutdown message
    => click OK
    => Automatic restart
    => copy the report located in C:vundofix.txt

    next
    Download VirtumundoBeGone to your desktop.
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => double-click VirtumundoBeGone.exe
    => Follow the on-screen instructions
    => When the scan is finished, save the report.
    => Copy/paste it here

    next
    Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
    and save it to your desktop and nowhere else!

    Double-click combofix,
    Wait until ComboFix has finished; a report will be created. Post the report.

    See you later
    1
    1. jthievre Posts 11 Status Member 1
       
      OK, I renamed Hijackthis.exe to jthievre.exe.
      Here is the new report

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:23:10, on 24/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\Synaptics\SynTP\Toshiba.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Valve\Steam\Steam.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      C:\Program Files\MagicDisc\MagicDisc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Trend Micro\HijackThis\jthievre.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\WINDOWS\system32\urqqolm.dll
      O2 - BHO: (no name) - {2ef9162c-ce44-4d60-be31-8ed364e665ac} - C:\WINDOWS\system32\olgmgeoi.dll (file missing)
      O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: (no name) - {6E657B72-ED98-4B36-9FD9-69D61C844279} - C:\WINDOWS\system32\mljjj.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
      O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
      O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
      O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
  2. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    very good, we can see the difference
    now the other reports, please
    See you later
    1
    1. jthievre Posts 11 Status Member 1
       
      Here are the reports from VundoFix, VirtumundoBeGone and ComboFix:

      *****************************************************************

      VundoFix V6.7.8

      Checking Java version...

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Scan started at 11:31:01 24/02/2008

      Listing files found while scanning....

      C:\WINDOWS\system32\urqqolm.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\urqqolm.dll
      C:\WINDOWS\system32\urqqolm.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\urqqolm.dll
      C:\WINDOWS\system32\urqqolm.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      ************************************************************************


      [02/24/2008, 11:55:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jérôme\Bureau\VirtumundoBeGone.exe" )
      [02/24/2008, 11:55:45] - Detected System Information:
      [02/24/2008, 11:55:45] - Windows Version: 5.1.2600, Service Pack 2
      [02/24/2008, 11:55:45] - Current Username: Jérôme (Admin)
      [02/24/2008, 11:55:45] - Windows is in NORMAL mode.
      [02/24/2008, 11:55:45] - Searching for Browser Helper Objects:
      [02/24/2008, 11:55:45] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [02/24/2008, 11:55:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [02/24/2008, 11:55:45] - BHO 3: {23D44BCF-AA7A-41D6-8905-E808F16322EF} ()
      [02/24/2008, 11:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/24/2008, 11:55:45] - Checking for HKLM\...\Winlogon\Notify\urqqolm
      [02/24/2008, 11:55:45] - Key not found: HKLM\...\Winlogon\Notify\urqqolm, continuing.
      [02/24/2008, 11:55:45] - BHO 4: {2ef9162c-ce44-4d60-be31-8ed364e665ac} ()
      [02/24/2008, 11:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/24/2008, 11:55:45] - Checking for HKLM\...\Winlogon\Notify\olgmgeoi
      [02/24/2008, 11:55:45] - Key not found: HKLM\...\Winlogon\Notify\olgmgeoi, continuing.
      [02/24/2008, 11:55:45] - BHO 5: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
      [02/24/2008, 11:55:45] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
      [02/24/2008, 11:55:45] - BHO 7: {6E657B72-ED98-4B36-9FD9-69D61C844279} ()
      [02/24/2008, 11:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/24/2008, 11:55:45] - Checking for HKLM\...\Winlogon\Notify\mljjj
      [02/24/2008, 11:55:45] - Key not found: HKLM\...\Winlogon\Notify\mljjj, continuing.
      [02/24/2008, 11:55:45] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [02/24/2008, 11:55:45] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [02/24/2008, 11:55:45] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Barre d'outils MSN Search Helper)
      [02/24/2008, 11:55:45] - Finished Searching Browser Helper Objects
      [02/24/2008, 11:55:45] - Finishing up...
      [02/24/2008, 11:55:45] - Nothing found! Exiting...


      *****************************************************************************************

      ComboFix 08-02-15.1 - Jérôme 2008-02-24 11:57:46.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1479 [GMT 1:00]
      Endroit: C:\Documents and Settings\Jérôme\Bureau\Combo-Fix.exe
      * Création d'un nouveau point de restauration

      AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\Program Files\Helper
      C:\WINDOWS\system32\kchpdbpu.ini
      C:\WINDOWS\system32\urqqolm.dll

      ----- BITS: Possible sites infectés -----

      hxxp://au.download.windowsupdate.c
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_MSUPDATE
      -------\msupdate


      ((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
      .

      2008-02-24 10:37 . 2008-02-24 11:51 <REP> d-------- C:\VundoFix Backups
      2008-02-24 10:17 . 2008-02-24 10:17 <REP> d-------- C:\Program Files\Yahoo!
      2008-02-24 10:17 . 2008-02-24 10:18 <REP> d-------- C:\Program Files\CCleaner
      2008-02-23 23:05 . 2008-02-23 23:05 8 --a------ C:\WINDOWS\system32\6450f617
      2008-02-20 20:30 . 2008-02-20 20:30 <REP> d-------- C:\Program Files\Trend Micro
      2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Program Files\Avira
      2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-02-19 21:33 . 2008-02-19 21:33 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-02-15 21:45 . 2008-02-15 21:45 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
      2008-02-15 21:45 . 2008-02-15 21:45 2 --a------ C:\1683022902
      2008-02-15 21:39 . 2008-02-15 21:39 <REP> d-------- C:\temp
      2008-02-15 21:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
      2008-02-15 21:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
      2008-02-15 21:19 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
      2008-02-15 21:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
      2008-02-15 21:19 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
      2008-02-15 21:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
      2008-02-15 21:19 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
      2008-02-15 21:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
      2008-02-15 21:19 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
      2008-02-15 21:19 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
      2008-02-15 21:02 . 2008-02-15 21:02 <REP> d-------- C:\Program Files\MagicDisc
      2008-02-15 21:02 . 2008-02-11 23:36 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-24 10:29 --------- d-----w C:\Program Files\Java
      2008-02-24 09:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-02-24 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-02-19 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
      2008-02-15 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-06 08:31 --------- d-----w C:\Program Files\Neuf
      2007-06-11 13:20 0 ----a-w C:\Documents and Settings\Christa\Application Data\wklnhst.dat
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ef9162c-ce44-4d60-be31-8ed364e665ac}]
      C:\WINDOWS\system32\olgmgeoi.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E657B72-ED98-4B36-9FD9-69D61C844279}]
      C:\WINDOWS\system32\mljjj.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
      "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
      "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-12-04 23:36 1266936]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
      "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
      "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
      "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
      "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe]
      "NDSTray.exe"="NDSTray.exe" []
      "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
      "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
      "TFncKy"="TFncKy.exe" []
      "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
      "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
      "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
      "CFSServ.exe"="CFSServ.exe" []
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-03 21:56 223232]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
      "nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
      "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
      "6450e499"="C:\WINDOWS\system32\upbdphck.dll" [ ]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-19 22:12 249896]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      "LoadAppInit_DLLs"=1 (0x1)

      R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
      S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-16 20:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-24 12:04:01
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\Synaptics\SynTP\Toshiba.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-02-24 12:09:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-24 11:09:40
      .
      2008-02-13 02:03:40 --- E O F ---
      0
      1. jthievre Posts: 11 Status: Member 1 > jthievre Posts: 11 Status: Member
         
        There is still a suspicious DLL in C:\WINDOWS\system32: jkghje.dll
        This file cannot be deleted. (The file cannot be found, according to Windows.)
        0
  3. jthievre Posts: 11 Status: Member 1
     
    AntiVir has detected Vundo.Gen again, in another location.
    I am running a new HijackThis report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:07, on 24/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Trend Micro\HijackThis\jthievre.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2ef9162c-ce44-4d60-be31-8ed364e665ac} - C:\WINDOWS\system32\olgmgeoi.dll (file missing)
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {6E657B72-ED98-4B36-9FD9-69D61C844279} - C:\WINDOWS\system32\mljjj.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
    O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    1
  4. ep44 Posts: 7415 Registration date   Status: Contributor Last activity   3
     
    Select this:

    registry::

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ef9162c-ce44-4d60-be31-8ed364e665ac}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E657B72-ED98-4B36-9FD9-69D61C844279}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "6450e499"=-

    File::

    C:\WINDOWS\system32\jkghje.dll
    C:\1683022902

    * Copy the selected text (CTRL+C).
    * Open Notepad (Programs > Accessories > Notepad).
    * Paste the copied text into Notepad (CTRL+V).
    * Save this file under the name CFScript.txt
    * Drag and drop this CFScript file onto the ComboFix.exe file
    * A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: post its contents.
    * If the file does not open, it is located here > C:\ComboFix.txt

    Then download:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
    = Install it
    = Launch it
    = Click: Mise à jour (update)
    ------
    = Restart in Safe Mode (startup may take several minutes)
    Warning: there is no Internet access in this mode. Save or print these instructions.

    Restart the PC and tap the F8 key (or F5 on some machines) until the startup options appear
    Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
    -------
    = In ANALYSE (scan, the magnifying-glass icon)
    ==> Paramètres (settings) ==> under COMMENT REAGIR (how to react) ==> click Actions recommandées (recommended actions) ==> Quarantaine (quarantine)
    ==> Click: Analyse complète du système (complete system scan)
    At the end of the scan (which is fairly long)
    ==> Click Appliquer toutes les actions (apply all actions) <== this is very important
    ==> Click Sauvegarder rapport (save report), then Enregistrer sous (save as), and choose the desktop
    -------
    In normal mode
    paste the report

    Then a new HijackThis report, please
    See you later
    1
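The three registry entries named in the CFScript above can be picked out of the HijackThis log mechanically. The following Python is an added example, not part of the original thread and not code from HijackThis or ComboFix; it parses O2 and O4 lines copied from the log posted earlier and flags the patterns visible here. The function names and the heuristics are assumptions for illustration, and a hit is a prompt for manual review, not a verdict.

```python
import re

# Lines copied verbatim from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2ef9162c-ce44-4d60-be31-8ed364e665ac} - C:\WINDOWS\system32\olgmgeoi.dll (file missing)
O2 - BHO: (no name) - {6E657B72-ED98-4B36-9FD9-69D61C844279} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 registry line: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"
)
# Command of the form: rundll32[.exe] ["]<dll>["],<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE,
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def in_system32_root(path):
    """True when the file sits directly in system32, not in a subfolder."""
    p = path.lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


def triage(log_text):
    """Return (section, identifier, target, reasons) for entries worth review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            reasons = []
            if m["name"] == "(no name)":
                reasons.append("BHO has no registered name")
            if m["missing"]:
                reasons.append("HijackThis reports the target file as missing")
            # Assumed heuristic: both signals together, on a DLL directly
            # in system32, mark the entry for review.
            if len(reasons) == 2 and in_system32_root(m["path"]):
                findings.append(("O2", m["clsid"], m["path"], reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            dll = RUNDLL_RE.match(m["cmd"])
            # Assumed heuristic: an 8-hex-digit value name that starts
            # rundll32 on a DLL directly in system32.
            if dll and HEX_NAME_RE.match(m["value"]) and in_system32_root(dll["dll"]):
                reasons = [
                    "Run value name is 8 hex digits",
                    "rundll32 loads a system32 DLL, export '%s'" % dll["export"],
                ]
                findings.append(("O4", m["value"], dll["dll"], reasons))
    return findings


if __name__ == "__main__":
    for section, ident, target, reasons in triage(SAMPLE_LOG):
        print(section, ident, target, "; ".join(reasons))
```

The NVIDIA rundll32 entries and the named BHOs in the same log are not flagged, which is the point of combining several weak signals instead of matching on rundll32 or system32 alone.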
    1. jthievre Posts: 11 Status: Member 1
       
      It seems to be fixed.
      Here are the ComboFix, AVG and HijackThis reports:


      ComboFix 08-02-15.1 - Jérôme 2008-02-24 13:22:17.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1450 [GMT 1:00]
      Endroit: C:\Documents and Settings\Jérôme\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents and Settings\Jérôme\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE
      C:\1683022902
      C:\WINDOWS\system32\jkghje.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\jkghje.dll
      C:\1683022902
      C:\WINDOWS\system32\jkghje.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
      .

      2008-02-24 13:25 . 2008-02-24 13:25 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
      2008-02-24 10:37 . 2008-02-24 11:51 <REP> d-------- C:\VundoFix Backups
      2008-02-24 10:17 . 2008-02-24 10:17 <REP> d-------- C:\Program Files\Yahoo!
      2008-02-24 10:17 . 2008-02-24 10:18 <REP> d-------- C:\Program Files\CCleaner
      2008-02-20 20:30 . 2008-02-20 20:30 <REP> d-------- C:\Program Files\Trend Micro
      2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Program Files\Avira
      2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-02-19 21:33 . 2008-02-19 21:33 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-02-15 21:39 . 2008-02-15 21:39 <REP> d-------- C:\temp
      2008-02-15 21:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
      2008-02-15 21:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
      2008-02-15 21:19 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
      2008-02-15 21:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
      2008-02-15 21:19 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
      2008-02-15 21:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
      2008-02-15 21:19 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
      2008-02-15 21:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
      2008-02-15 21:19 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
      2008-02-15 21:19 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
      2008-02-15 21:02 . 2008-02-15 21:02 <REP> d-------- C:\Program Files\MagicDisc
      2008-02-15 21:02 . 2008-02-11 23:36 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-24 10:29 --------- d-----w C:\Program Files\Java
      2008-02-24 09:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-02-24 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-02-19 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
      2008-02-15 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-06 08:31 --------- d-----w C:\Program Files\Neuf
      2007-06-11 13:20 0 ----a-w C:\Documents and Settings\Christa\Application Data\wklnhst.dat
      2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
      "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
      "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-12-04 23:36 1266936]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
      "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
      "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
      "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
      "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe]
      "NDSTray.exe"="NDSTray.exe" []
      "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
      "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
      "TFncKy"="TFncKy.exe" []
      "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
      "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
      "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
      "CFSServ.exe"="CFSServ.exe" []
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-03 21:56 223232]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
      "nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
      "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-19 22:12 249896]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

      R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
      S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll []
      S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-16 20:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-24 13:26:53
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Synaptics\SynTP\Toshiba.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-02-24 13:32:12 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-24 12:32:09
      ComboFix2.txt 2008-02-24 11:09:45
      .
      2008-02-13 02:03:40 --- E O F ---

      ----------------------------------------------------------------------------------------------------------------------------------

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 19:08:46 24/02/2008

      + Résultat de l'analyse:



      :mozilla.287:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
      :mozilla.289:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
      :mozilla.290:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
      :mozilla.291:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
      :mozilla.215:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.216:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.217:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.218:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.219:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.220:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.221:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.222:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.295:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.584:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.848:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.885:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.897:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
      :mozilla.477:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
      :mozilla.478:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
      :mozilla.479:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
      :mozilla.480:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
      :mozilla.481:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
      :mozilla.482:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
      :mozilla.146:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
      :mozilla.149:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
      :mozilla.32:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
      :mozilla.365:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.366:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.367:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.368:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.369:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.43:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.44:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.45:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      :mozilla.256:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
      :mozilla.40:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
      :mozilla.81:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
      :mozilla.25:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
      :mozilla.270:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
      :mozilla.92:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      :mozilla.30:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
      :mozilla.31:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
      :mozilla.33:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
      :mozilla.432:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
      :mozilla.433:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
      :mozilla.434:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
      :mozilla.54:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      :mozilla.77:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
      :mozilla.370:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
      :mozilla.613:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
      :mozilla.614:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
      :mozilla.205:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.207:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.214:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.231:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.277:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.286:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.292:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.304:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.346:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.350:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
      :mozilla.596:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
      :mozilla.597:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
      :mozilla.426:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
      :mozilla.428:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
      :mozilla.264:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
      :mozilla.135:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
      :mozilla.136:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
      :mozilla.137:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
      :mozilla.750:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
      :mozilla.761:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
      :mozilla.762:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
      :mozilla.494:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.495:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.496:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.497:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.498:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.499:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.500:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
      :mozilla.227:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
      :mozilla.228:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
      :mozilla.410:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
      :mozilla.248:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.249:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.250:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.251:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.252:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.253:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.254:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.46:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.47:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.48:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
      :mozilla.80:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
      :mozilla.84:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
      :mozilla.85:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
      :mozilla.87:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
      :mozilla.237:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
      :mozilla.241:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
      :mozilla.242:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
      :mozilla.246:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
      :mozilla.752:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
      :mozilla.100:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
      :mozilla.98:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
      :mozilla.99:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
      :mozilla.9:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
      C:\Documents and Settings\Christa\Cookies\christa@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
      :mozilla.211:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
      :mozilla.258:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
      :mozilla.259:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
      :mozilla.260:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
      :mozilla.261:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.


      Fin du rapport

      --------------------------------------------------------------------------------------------------------------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:55:30, on 25/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Synaptics\SynTP\Toshiba.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Valve\Steam\Steam.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      C:\Program Files\MagicDisc\MagicDisc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\MSN Toolbar Suite\msn_sl.exe
      C:\Program Files\Trend Micro\HijackThis\jthievre.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
      O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
  6. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    Good evening

    run HijackThis again and check these
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    then click Fix checked

    then
    run an online scan

    with BitDefender and paste the report

    https://www.bitdefender.com/toolbox/

    a tutorial
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    then tell me if you still have problems
    See you
    1
    1. jthievre Posts 11 Status Member 1
       
      The BitDefender report:


      BitDefender Online Scanner
      Rapport d'analyse généré à: Tue, Feb 26, 2008 - 09:50:41

      Voie d'analyse: C:\;D:\;E:\;


      Statistiques
      Temps 00:30:45
      Fichiers 83495
      Directoires 9985
      Secteurs de boot 3
      Archives 1255
      Paquets programmes 6818


      Résultats
      Virus identifiés 2
      Fichiers infectés 8
      Fichiers suspects 0
      Avertissements 0
      Désinfectés 0
      Fichiers effacés 8


      Info sur les moteurs
      Définition virus 983692
      Version des moteurs AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
      Analyse des plugins 16
      Archive des plugins 41
      Unpack des plugins 7
      E-mail plugins 6
      Système plugins 5


      Paramètres d'analyse
      Première action Désinfecté
      Seconde Action Supprimé
      Heuristique Oui
      Acceptez les avertissements Oui
      Extensions analysées exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
      Excludez les extensions
      Analyse d'emails Oui
      Analyse des Archives Oui
      Analyser paquets programmes Oui
      Analyse des fichiers Oui
      Analyse de boot Oui



      Fichier analysé Statut
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Infecté par: Trojan.Vundo.Gen.2
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Echec de la désinfection
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Supprimé
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205403-343.dll Infecté par: Trojan.Vundo.Gen.2
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205403-343.dll Echec de la désinfection
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205403-343.dll Supprimé
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205622-565.dll Infecté par: Trojan.Vundo.Gen.2
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205622-565.dll Echec de la désinfection
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205622-565.dll Supprimé
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Infecté par: Trojan.Vundo.DVS
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Echec de la désinfection
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Supprimé
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP277\A0038460.dll Infecté par: Trojan.Vundo.Gen.2
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP277\A0038460.dll Echec de la désinfection
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP277\A0038460.dll Supprimé
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Infecté par: Trojan.Vundo.Gen.2
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Echec de la désinfection
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Supprimé
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038645.dll Infecté par: Trojan.Vundo.Gen.2
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038645.dll Echec de la désinfection
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038645.dll Supprimé
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038646.dll Infecté par: Trojan.Vundo.Gen.2
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038646.dll Echec de la désinfection
      C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038646.dll Supprimé
      0
      1. jthievre Posts 11 Status Member 1 > jthievre Posts 11 Status Member
         
        These look like backups produced by the various security tools!!
        0
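A way to check the observation above, that the detections in the BitDefender report sit in backup folders rather than in live system locations. This is an added example, not part of the original thread; the function names are hypothetical, and the sample reuses three paths from the report plus one constructed placeholder path.

```python
import re
from collections import Counter, OrderedDict

# Constructed sample in the layout of the report's "Fichier analysé / Statut"
# section. The first three paths come from the thread; the last path is a
# made-up placeholder for a detection in a live system folder.
SAMPLE_REPORT = r"""
Fichier analysé Statut
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Infecté par: Trojan.Vundo.Gen.2
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Echec de la désinfection
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Infecté par: Trojan.Vundo.DVS
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Infecté par: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Supprimé
C:\WINDOWS\system32\CONSTRUCTED-EXAMPLE.dll Infecté par: Trojan.Vundo.Gen.2
C:\WINDOWS\system32\CONSTRUCTED-EXAMPLE.dll Echec de la désinfection
"""

# Paths contain spaces, so the status is matched as a fixed suffix of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infecté par: (?P<name>\S+)"
    r"|(?P<failed>Echec de la désinfection)"
    r"|(?P<deleted>Supprimé))$"
)

# Folders that hold stored copies rather than files loaded at startup.
LOCATIONS = [
    ("system-restore", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("hijackthis-backup", re.compile(r"\\HijackThis\\backups\\", re.I)),
]


def classify(path):
    """Return the location class of a scanned path ("live" if no rule matches)."""
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "live"


def parse_report(text):
    """Fold the per-status lines into one record per scanned file."""
    files = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # headers, statistics, blank lines
        rec = files.setdefault(m["path"], {
            "location": classify(m["path"]), "detections": [],
            "disinfect_failed": False, "deleted": False})
        if m["name"]:
            rec["detections"].append(m["name"])
        elif m["failed"]:
            rec["disinfect_failed"] = True
        else:
            rec["deleted"] = True
    return files


def by_location(files):
    """Count detected files per location class."""
    return dict(Counter(rec["location"] for rec in files.values()))


def still_on_disk(files):
    """Detected files for which the report has no 'Supprimé' line."""
    return [p for p, rec in files.items() if rec["detections"] and not rec["deleted"]]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(by_location(report))
    for path in still_on_disk(report):
        print("needs follow-up:", path)
```

Copies classed as system-restore live in restore points, which Windows discards when System Restore is turned off.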
  7. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    Hello

    yes, but cleaned :-)

    run a new HijackThis scan and tell me if you still have problems
    See you
    1
    1. jthievre Posts 11 Status Member 1
       
      Here is the HijackThis report

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:42:18, on 26/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
      C:\Program Files\Synaptics\SynTP\Toshiba.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Valve\Steam\Steam.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\MagicDisc\MagicDisc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\jthievre.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
      O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
      O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-21-1550878039-3768518379-1109442219-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Christa')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
      1. jthievre Posts 11 Status Member 1 > jthievre Posts 11 Status Member
         
        Everything seems to be working normally now.
        Thank you very much for your help.

        May I delete this directory: C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}
        0
  8. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    we'll erase it by restoring the system
    follow this
    You can uninstall all the software we used
    go to Add/Remove Programs and to Program Files
    to check

    then do this (IMPORTANT)

    =Start
    =Control Panel
    =System
    =System Restore tab
    =check the box (Turn off System Restore)
    =restart the computer
    =then re-enable it (IMPORTANT)

    if there are no more problems, mark your thread as resolved
    See you
    1
    1. jthievre Posts 11 Status Member 1
       
      Thanks again, ep44.
      Until next time.
      0
  9. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    Good luck from here on
    ;-)
    1
  10. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    hi, you need to create your own thread
    Thanks
    1
  11. FabioneKenoby
     
    Hello,
    BitDefender has just detected a Dropper Delf VT trojan on my machine and I have been trying every way I can (Spybot, Ad-Aware 2007, AVG Free...) to remove it, but IMPOSSIBLE. Can you help me? Thanks
    0