Infection Trojan et Dropper

Résolu/Fermé

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 - 24 févr. 2008 à 10:34
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 - 28 févr. 2008 à 20:59

Bonjour,

mon système est infecté : trojan (TR/Vundo.Gen) + dropper

AntiVir, Ccleaner n'ont pu en venir a bout.

je joins le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:48, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

A voir également:

Infection Trojan et Dropper
Trojan remover - Télécharger - Antivirus & Antimalwares
Trojan al11 - Forum Virus
Csrss.exe trojan - Forum Virus
Trojan agent ✓ - Forum Virus
Csrss.exe : processus suspect/virus ? - Forum Virus

10 réponses

Réponse 1 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
24 févr. 2008 à 10:52

Bonjour,
on va essayer de t'aider :-)

tu vas commencer par renommer hijack
pour ceci tu vas dans C:==>prorammes file ==>trend micro ==>hijack que tu ouvre et tu trouve un autre hijack que tu renomme par jthievre par exemple et tu colle un nouveau rapport stp

ensuite
Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt

ensuite
Télécharge VirtumundoBeGone sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> double-clic sur VirtumundoBeGone.exe
=> Suis les instructions à l'écran
=> Quand le scan est terminé, enregistre le rapport.
=> Copie/Colle le ici

ensuite
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

@+

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
24 févr. 2008 à 11:24

Ok, j'ai renommé Hijackthis.exe en jthievre.exe.
Je colle le nouveau rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:10, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\jthievre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\WINDOWS\system32\urqqolm.dll
O2 - BHO: (no name) - {2ef9162c-ce44-4d60-be31-8ed364e665ac} -

C:\WINDOWS\system32\olgmgeoi.dll (file missing)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program

Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6E657B72-ED98-4B36-9FD9-69D61C844279} - C:\WINDOWS\system32\mljjj.dll

(file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom

TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel

PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe"

/min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program

Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google

Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop

Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar

Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program

Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program

Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH -

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH -

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program

Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop

Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner -

c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program

Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 -

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Réponse 2 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
24 févr. 2008 à 11:43

trés bien on voit la différence
maintenant les autres rapports stp
@+

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
24 févr. 2008 à 12:14

Voila les rapports de VundoFix, VirtumundoBeGone et ComboFix :

*****************************************************************

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:31:01 24/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\urqqolm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqqolm.dll
C:\WINDOWS\system32\urqqolm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqqolm.dll
C:\WINDOWS\system32\urqqolm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

************************************************************************

[02/24/2008, 11:55:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jérôme\Bureau\VirtumundoBeGone.exe" )
[02/24/2008, 11:55:45] - Detected System Information:
[02/24/2008, 11:55:45] - Windows Version: 5.1.2600, Service Pack 2
[02/24/2008, 11:55:45] - Current Username: Jérôme (Admin)
[02/24/2008, 11:55:45] - Windows is in NORMAL mode.
[02/24/2008, 11:55:45] - Searching for Browser Helper Objects:
[02/24/2008, 11:55:45] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/24/2008, 11:55:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/24/2008, 11:55:45] - BHO 3: {23D44BCF-AA7A-41D6-8905-E808F16322EF} ()
[02/24/2008, 11:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2008, 11:55:45] - Checking for HKLM\...\Winlogon\Notify\urqqolm
[02/24/2008, 11:55:45] - Key not found: HKLM\...\Winlogon\Notify\urqqolm, continuing.
[02/24/2008, 11:55:45] - BHO 4: {2ef9162c-ce44-4d60-be31-8ed364e665ac} ()
[02/24/2008, 11:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2008, 11:55:45] - Checking for HKLM\...\Winlogon\Notify\olgmgeoi
[02/24/2008, 11:55:45] - Key not found: HKLM\...\Winlogon\Notify\olgmgeoi, continuing.
[02/24/2008, 11:55:45] - BHO 5: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[02/24/2008, 11:55:45] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[02/24/2008, 11:55:45] - BHO 7: {6E657B72-ED98-4B36-9FD9-69D61C844279} ()
[02/24/2008, 11:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2008, 11:55:45] - Checking for HKLM\...\Winlogon\Notify\mljjj
[02/24/2008, 11:55:45] - Key not found: HKLM\...\Winlogon\Notify\mljjj, continuing.
[02/24/2008, 11:55:45] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2008, 11:55:45] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/24/2008, 11:55:45] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Barre d'outils MSN Search Helper)
[02/24/2008, 11:55:45] - Finished Searching Browser Helper Objects
[02/24/2008, 11:55:45] - Finishing up...
[02/24/2008, 11:55:45] - Nothing found! Exiting...

*****************************************************************************************

ComboFix 08-02-15.1 - Jérôme 2008-02-24 11:57:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1479 [GMT 1:00]
Endroit: C:\Documents and Settings\Jérôme\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Helper
C:\WINDOWS\system32\kchpdbpu.ini
C:\WINDOWS\system32\urqqolm.dll

----- BITS: Possible sites infect‚s -----

hxxp://au.download.windowsupdate.c
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\msupdate

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
.

2008-02-24 10:37 . 2008-02-24 11:51 <REP> d-------- C:\VundoFix Backups
2008-02-24 10:17 . 2008-02-24 10:17 <REP> d-------- C:\Program Files\Yahoo!
2008-02-24 10:17 . 2008-02-24 10:18 <REP> d-------- C:\Program Files\CCleaner
2008-02-23 23:05 . 2008-02-23 23:05 8 --a------ C:\WINDOWS\system32\6450f617
2008-02-20 20:30 . 2008-02-20 20:30 <REP> d-------- C:\Program Files\Trend Micro
2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Program Files\Avira
2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-19 21:33 . 2008-02-19 21:33 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-02-15 21:45 . 2008-02-15 21:45 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-15 21:45 . 2008-02-15 21:45 2 --a------ C:\1683022902
2008-02-15 21:39 . 2008-02-15 21:39 <REP> d-------- C:\temp
2008-02-15 21:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-15 21:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-15 21:19 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-15 21:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-15 21:19 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-15 21:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-15 21:19 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-15 21:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-15 21:19 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-15 21:19 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-02-15 21:02 . 2008-02-15 21:02 <REP> d-------- C:\Program Files\MagicDisc
2008-02-15 21:02 . 2008-02-11 23:36 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 10:29 --------- d-----w C:\Program Files\Java
2008-02-24 09:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-24 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-19 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-02-15 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 08:31 --------- d-----w C:\Program Files\Neuf
2007-06-11 13:20 0 ----a-w C:\Documents and Settings\Christa\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ef9162c-ce44-4d60-be31-8ed364e665ac}]
C:\WINDOWS\system32\olgmgeoi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E657B72-ED98-4B36-9FD9-69D61C844279}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-12-04 23:36 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"CFSServ.exe"="CFSServ.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-03 21:56 223232]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
"6450e499"="C:\WINDOWS\system32\upbdphck.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-19 22:12 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-16 20:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 12:04:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-24 12:09:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 11:09:40
.
2008-02-13 02:03:40 --- E O F ---

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1 > jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008
24 févr. 2008 à 12:22

Il y a toujours une dll suspecte dans C:\WINDOWS\system32 : jkghje.dll
Ce fichier ne peut pas être effacé. (Le fichier est intouvable, dixit windows)

Réponse 3 / 10

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
24 févr. 2008 à 13:00

AntiVir détecte a nouveau Vundo.Gen a une autre localisation.
Je refais un rapport hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:07, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\jthievre.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ef9162c-ce44-4d60-be31-8ed364e665ac} - C:\WINDOWS\system32\olgmgeoi.dll (file missing)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6E657B72-ED98-4B36-9FD9-69D61C844279} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\upbdphck.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Réponse 4 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
24 févr. 2008 à 13:00

selectionne ceci

registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ef9162c-ce44-4d60-be31-8ed364e665ac}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E657B72-ED98-4B36-9FD9-69D61C844279}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6450e499"=-

File::

C:\WINDOWS\system32\jkghje.dll
C:\1683022902

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

ensuite Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
= Installer
= Le lancer
= Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
= Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
==> Clic : Analyse complète du système
En fin de scan ( qui est assez long)
==> Clic Appliquer toutes les actions <== ceci Très important
==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport

ensuite un nouveau rapport hijack stp
@+

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
25 févr. 2008 à 14:02

Ca a l'air de d'être réglé.
Voila les rapports ComboFix, AVG et hijackthis:

ComboFix 08-02-15.1 - Jérôme 2008-02-24 13:22:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1450 [GMT 1:00]
Endroit: C:\Documents and Settings\Jérôme\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Jérôme\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\1683022902
C:\WINDOWS\system32\jkghje.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkghje.dll
C:\1683022902
C:\WINDOWS\system32\jkghje.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
.

2008-02-24 13:25 . 2008-02-24 13:25 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-02-24 10:37 . 2008-02-24 11:51 <REP> d-------- C:\VundoFix Backups
2008-02-24 10:17 . 2008-02-24 10:17 <REP> d-------- C:\Program Files\Yahoo!
2008-02-24 10:17 . 2008-02-24 10:18 <REP> d-------- C:\Program Files\CCleaner
2008-02-20 20:30 . 2008-02-20 20:30 <REP> d-------- C:\Program Files\Trend Micro
2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Program Files\Avira
2008-02-19 22:10 . 2008-02-19 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-19 21:33 . 2008-02-19 21:33 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-02-15 21:39 . 2008-02-15 21:39 <REP> d-------- C:\temp
2008-02-15 21:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-15 21:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-15 21:19 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-15 21:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-15 21:19 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-15 21:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-15 21:19 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-15 21:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-15 21:19 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-15 21:19 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-02-15 21:02 . 2008-02-15 21:02 <REP> d-------- C:\Program Files\MagicDisc
2008-02-15 21:02 . 2008-02-11 23:36 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 10:29 --------- d-----w C:\Program Files\Java
2008-02-24 09:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-24 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-19 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-02-15 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 08:31 --------- d-----w C:\Program Files\Neuf
2007-06-11 13:20 0 ----a-w C:\Documents and Settings\Christa\Application Data\wklnhst.dat
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-12-04 23:36 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"CFSServ.exe"="CFSServ.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-03 21:56 223232]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-19 22:12 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll []
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-16 20:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 13:26:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-24 13:32:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 12:32:09
ComboFix2.txt 2008-02-24 11:09:45
.
2008-02-13 02:03:40 --- E O F ---

----------------------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:08:46 24/02/2008

+ Résultat de l'analyse:

:mozilla.287:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.289:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.290:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.291:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.215:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.216:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.217:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.218:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.219:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.220:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.221:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.222:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.295:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.584:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.848:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.885:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.897:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.477:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.478:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.479:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.480:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.481:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.482:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.146:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.149:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.32:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.365:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.366:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.367:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.368:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.369:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.43:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.44:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.45:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.256:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.40:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.81:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.25:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.270:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.92:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.30:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.31:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.33:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.432:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.433:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.434:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.54:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.77:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.370:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.613:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.614:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
:mozilla.205:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.207:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.214:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.231:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.277:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.286:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.292:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.304:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.346:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.350:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.596:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.597:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.426:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.428:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.264:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.135:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.136:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.137:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.750:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.761:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.762:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.494:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.495:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.496:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.497:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.498:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.499:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.500:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.227:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.228:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.410:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.248:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.249:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.250:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.251:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.252:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.253:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.254:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.46:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.47:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.48:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.80:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.84:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.85:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.87:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.237:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.241:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.242:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.246:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.752:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.100:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.98:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.99:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.9:C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\0k98bevu.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Christa\Cookies\christa@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.211:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.258:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.259:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.260:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.261:C:\Documents and Settings\Christa\Application Data\Mozilla\Firefox\Profiles\0vatf0g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

Fin du rapport

--------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:30, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Toolbar Suite\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\jthievre.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
25 févr. 2008 à 20:16

Bonsoir

relance hijack et coche ceci
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
ensuite clic sur fix checked

ensuite
fait un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite dit si tu as encore des soucis
@+

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
26 févr. 2008 à 09:59

Le rapport BitDefender :

BitDefender Online Scanner
Rapport d'analyse généré à: Tue, Feb 26, 2008 - 09:50:41

Voie d'analyse: C:\;D:\;E:\;

Statistiques
Temps 00:30:45
Fichiers 83495
Directoires 9985
Secteurs de boot 3
Archives 1255
Paquets programmes 6818

Résultats
Virus identifiés 2
Fichiers infectés 8
Fichiers suspects 0
Avertissements 0
Désinfectés 0
Fichiers effacés 8

Info sur les moteurs
Définition virus 983692
Version des moteurs AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins 16
Archive des plugins 41
Unpack des plugins 7
E-mail plugins 6
Système plugins 5

Paramètres d'analyse
Première action Désinfecté
Seconde Action Supprimé
Heuristique Oui
Acceptez les avertissements Oui
Extensions analysées exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails Oui
Analyse des Archives Oui
Analyser paquets programmes Oui
Analyse des fichiers Oui
Analyse de boot Oui

Fichier analysé Statut
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Infecté par: Trojan.Vundo.Gen.2
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Echec de la désinfection
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-203114-529.dll Supprimé
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205403-343.dll Infecté par: Trojan.Vundo.Gen.2
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205403-343.dll Echec de la désinfection
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205403-343.dll Supprimé
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205622-565.dll Infecté par: Trojan.Vundo.Gen.2
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205622-565.dll Echec de la désinfection
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080220-205622-565.dll Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Infecté par: Trojan.Vundo.DVS
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP263\A0034196.ini Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP277\A0038460.dll Infecté par: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP277\A0038460.dll Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP277\A0038460.dll Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Infecté par: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038644.dll Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038645.dll Infecté par: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038645.dll Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038645.dll Supprimé
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038646.dll Infecté par: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038646.dll Echec de la désinfection
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP279\A0038646.dll Supprimé

Ca a l'air d'etre des backups produits par les différents outils de sécurité !!

Réponse 6 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 févr. 2008 à 10:37

Bonjour

oui, mais néttoyé :-)

refait un nouveau hijack et dit moi si tu as encore des soucis
@+

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
26 févr. 2008 à 10:43

Volia le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:18, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\jthievre.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1550878039-3768518379-1109442219-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Christa')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Tout semble fonctionner normalement à présent.
Merci beaucoup pour ton aide.

Puis-je effacer le répertoire : C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}

Réponse 7 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 févr. 2008 à 11:35

on va l'effacer en restaurant le systéme
suit ceci
Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier

ensuite fait ceci (IMPORTANT)

=démarrer
=panneau de configuration
=système
=onglet Restauration système
=coche la case (Désactiver la restauration système)
=redémarre l'ordinateur
=réactive la ensuite (IMPORTANT)

si plus de soucis marque ton sujet en résolu
@+

jthievre Messages postés 11 Date d'inscription dimanche 24 février 2008 Statut Membre Dernière intervention 26 février 2008 1
26 févr. 2008 à 12:02

Encore merci ep44.
A la prochaine.

Réponse 8 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 févr. 2008 à 12:29

Bonne chance pour la suite
;-)

Réponse 9 / 10

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
28 févr. 2008 à 20:59

salut il faut créer ton propre sujet
Merci

Réponse 10 / 10

FabioneKenoby
28 févr. 2008 à 10:23

Bonjour,
Bitdefender vient de me détecter un trojan Dropper Delf VT et je tente par tous les moyens (spybots, adware 2007, avg free...)de le supprimer mais IMPOSSIBLE est ce que vous pouvez m'aider Merci

Discussions similaires

Comment supprimer le virus Trojan

Virus : trojan:win32/wacatac.h!ml

Aide pour un virus

Trojan impossible à supprimer!

C'est quoi "Win32:Trojan-gen {Other}"