Trojan.Win32.KillAV.fr

Résolu
jean6610 Messages postés 12 Date d'inscription   Statut Membre -  
jean6610 Messages postés 12 Date d'inscription   Statut Membre -
Bonjour,
J'ai été infecté par un virus trojan
J'ai utilisé diaghelp, kztecgs, navilog,vundofix !!!!!!!!
J'ai lancé l'outil conbofix en mpde sans échec, tout remarchais correctement et puis ce virus est réapparu.
Je ne sais comment faire alors
Configuration: Windows XP
Internet Explorer 7.0

16 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    _________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  2. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    J'ai tout fait mais j'ai encore le meme probleme, grrrrrrrr.
    Suis allé sur bitdender por un scan ,il a bien détecté les virus mais ne peux désinfecter mon ordi !!!!!!!!
    0
  3. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 18:41:57, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC MF-F@X Driver\mfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: {95b16e57-da81-80c8-7c14-06c4aa3ee704} - {407ee3aa-4c60-41c7-8c08-18ad75e61b59} - C:\WINDOWS\system32\slnpaccn.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {F611ED74-E173-4637-80CA-7AC5AA103E06} - C:\WINDOWS\system32\efcDWOET.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mffaxmonitor] C:\Program Files\PC MF-F@X Driver\mfmon.exe /hide
    O4 - HKLM\..\Run: [BMd7011778] Rundll32.exe "C:\WINDOWS\system32\acgrhcls.dll",s
    O4 - HKLM\..\Run: [d43224e4] rundll32.exe "C:\WINDOWS\system32\lpovcopy.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst_fr.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: tuvVLfEu - tuvVLfEu.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: {95b16e57-da81-80c8-7c14-06c4aa3ee704} - {407ee3aa-4c60-41c7-8c08-18ad75e61b59} - C:\WINDOWS\system32\slnpaccn.dll
    O2 - BHO: (no name) - {F611ED74-E173-4637-80CA-7AC5AA103E06} - C:\WINDOWS\system32\efcDWOET.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [BMd7011778] Rundll32.exe "C:\WINDOWS\system32\acgrhcls.dll",s
    O4 - HKLM\..\Run: [d43224e4] rundll32.exe "C:\WINDOWS\system32\lpovcopy.dll",b

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst_fr.cab

    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
    O20 - Winlogon Notify: tuvVLfEu - tuvVLfEu.dll (file missing)

    _____________

    me coller le rapport bitdefender m'aurai aidé!!!!!

    ________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\slnpaccn.dll
    C:\WINDOWS\system32\efcDWOET.dll
    C:\WINDOWS\system32\acgrhcls.dll
    C:\WINDOWS\system32\lpovcopy.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    _______________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    voici déja le rapport OTMove
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\slnpaccn.dll
    C:\WINDOWS\system32\slnpaccn.dll NOT unregistered.
    C:\WINDOWS\system32\slnpaccn.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDWOET.dll
    C:\WINDOWS\system32\efcDWOET.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\efcDWOET.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\acgrhcls.dll
    C:\WINDOWS\system32\acgrhcls.dll NOT unregistered.
    C:\WINDOWS\system32\acgrhcls.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\lpovcopy.dll
    C:\WINDOWS\system32\lpovcopy.dll NOT unregistered.
    C:\WINDOWS\system32\lpovcopy.dll moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04132008_193410

    Files moved on Reboot...
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcDWOET.dll
    C:\WINDOWS\system32\efcDWOET.dll NOT unregistered.
    C:\WINDOWS\system32\efcDWOET.dll moved successfully.
    0
  7. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    voici le rapport de combofix
    ComboFix 08-04-12.10 - JEAN 2008-04-13 19:48:27.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.325 [GMT 2:00]
    Endroit: C:\Documents and Settings\JEAN\Bureau\KILLBLAGUE.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\TEOWDcfe.ini
    C:\WINDOWS\system32\TEOWDcfe.ini2
    C:\WINDOWS\system32\ypocvopl.ini

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-13 19:34 . 2008-04-13 19:34 <REP> d-------- C:\_OTMoveIt
    2008-04-13 18:55 . 2008-04-13 18:56 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-13 11:50 . 2008-04-13 15:29 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-13 11:36 . 2008-04-13 19:28 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-04-13 10:59 . 2003-10-10 09:34 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-04-13 10:59 . 2003-10-10 09:56 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-04-13 10:59 . 2003-10-10 09:56 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-04-13 10:59 . 2006-12-13 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2008-04-13 10:59 . 2003-10-10 10:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
    2008-04-12 19:01 . 2008-04-12 19:01 29,028,450 --a------ C:\upload_moi_YOUR-LP16L31HVE.tar.gz
    2008-04-12 18:17 . 2008-04-12 18:18 199 --a------ C:\WINDOWS\DriverTwain.ini
    2008-04-12 17:20 . 2008-04-12 17:20 <REP> d-------- C:\VundoFix Backups
    2008-04-12 16:46 . 2008-04-12 19:17 <REP> d-------- C:\SDFix
    2008-04-12 16:39 . 2008-04-12 18:33 <REP> d-------- C:\Program Files\Navilog1
    2008-04-12 15:36 . 2003-02-04 11:14 143,360 --a------ C:\WINDOWS\system32\mfelm.dll
    2008-04-12 15:36 . 2003-02-04 11:41 58,568 --a------ C:\WINDOWS\system32\drivers\Mfxnt.sys
    2008-04-12 15:36 . 2003-02-04 11:13 53,248 --a------ C:\WINDOWS\system32\slps.dll
    2008-04-12 15:36 . 2008-04-13 19:52 15,960 --a------ C:\WINDOWS\Mffax.ini
    2008-04-12 15:33 . 2008-04-12 15:33 67 --a------ C:\WINDOWS\kit_pnp.ini
    2008-04-12 15:29 . 2003-02-04 12:19 49,152 --a------ C:\WINDOWS\system32\mfclinst.dll
    2008-04-12 15:24 . 2003-02-04 12:19 118,784 --a------ C:\WINDOWS\pnpinst.dll
    2008-04-12 15:24 . 2003-02-04 11:41 20,748 --a------ C:\WINDOWS\system32\drivers\Usbitf.sys
    2008-04-12 14:41 . 2008-04-12 14:41 <REP> d-------- C:\fsaua.data
    2008-04-12 09:17 . 2008-04-12 09:17 127 --a------ C:\WINDOWS\system32\MRT.INI
    2008-04-11 19:18 . 2008-04-11 19:18 20 --a------ C:\WINDOWS\InfModM.ini
    2008-04-11 19:15 . 2008-04-12 09:06 29 --a------ C:\WINDOWS\OP70.INI
    2008-04-11 19:06 . 2008-04-12 09:08 15 --a------ C:\WINDOWS\wgedit.ini
    2008-04-11 18:46 . 2008-04-11 18:46 315,776 --a------ C:\WINDOWS\system32\awtqnmND.dll
    2008-04-11 13:35 . 2008-04-11 13:35 88,640 --a------ C:\WINDOWS\system32\nikniavy.dll.bak
    2008-04-10 11:53 . 2008-04-13 19:33 101,129 --a------ C:\WINDOWS\BMd7011778.xml
    2008-04-10 11:53 . 2008-04-10 11:53 88,640 --a------ C:\WINDOWS\system32\gawdethw.dll.bak
    2008-04-09 12:46 . 2008-04-09 14:32 0 --a------ C:\WINDOWS\Capture
    2008-04-09 12:33 . 2008-04-12 10:56 <REP> d-------- C:\Program Files\Fichiers communs\Caere
    2008-04-09 12:33 . 2008-04-09 12:33 <REP> d-------- C:\Program Files\Caere
    2008-04-09 12:23 . 2008-04-12 15:36 <REP> d-------- C:\Program Files\PC MF-F@X Driver
    2008-04-04 17:11 . 2008-04-13 10:06 <REP> d-------- C:\Program Files\Incomplete
    2008-04-04 17:08 . 2008-04-13 10:01 <REP> d-------- C:\Program Files\LimeWire
    2008-04-04 11:33 . 2008-04-04 11:33 315,600 --a------ C:\WINDOWS\system32\yayaYrpM.dll
    2008-04-03 14:29 . 2008-04-03 14:29 315,648 --a------ C:\WINDOWS\system32\fccdaaAP.dll
    2008-04-02 20:32 . 2008-04-02 20:32 315,616 --a------ C:\WINDOWS\system32\fcccayax.dll
    2008-03-30 10:39 . 2008-04-05 08:18 162 --a------ C:\WINDOWS\wininit.ini
    2008-03-23 10:15 . 2008-03-23 10:15 17 --a------ C:\WINDOWS\Missing.ini
    2008-03-23 10:14 . 2008-03-23 10:14 32 --a------ C:\WINDOWS\CD-Start.INI
    2008-03-17 18:49 . 2008-04-12 20:16 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 17:28 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-04-13 10:05 --------- d-----w C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
    2008-04-12 13:44 13,688 ----a-w C:\Documents and Settings\JEAN\Application Data\wklnhst.dat
    2008-04-12 08:58 --------- d-----w C:\Program Files\Larousse
    2008-04-12 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-12 06:43 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-04-12 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-04-09 12:07 --------- d-----w C:\Documents and Settings\JEAN\Application Data\AdobeUM
    2008-03-27 07:12 --------- d-----w C:\Program Files\eMule
    2008-03-27 07:11 --------- d-----w C:\Program Files\Ludiclub
    2008-03-27 07:11 --------- d-----w C:\Program Files\Canon
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-07 10:54 --------- d-----w C:\Program Files\Google
    2008-03-05 07:32 --------- d-----w C:\Program Files\Java
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-01-25 13:07 100,584 ----a-w C:\Documents and Settings\JEAN\Application Data\GDIPFONTCACHEV1.DAT
    2007-03-31 08:53 92,064 ----a-w C:\Documents and Settings\JEAN\mqdmmdm.sys
    2007-03-31 08:53 9,232 ----a-w C:\Documents and Settings\JEAN\mqdmmdfl.sys
    2007-03-31 08:53 79,328 ----a-w C:\Documents and Settings\JEAN\mqdmserd.sys
    2007-03-31 08:53 66,656 ----a-w C:\Documents and Settings\JEAN\mqdmbus.sys
    2007-03-31 08:53 6,208 ----a-w C:\Documents and Settings\JEAN\mqdmcmnt.sys
    2007-03-31 08:53 5,936 ----a-w C:\Documents and Settings\JEAN\mqdmwhnt.sys
    2007-03-31 08:53 4,048 ----a-w C:\Documents and Settings\JEAN\mqdmcr.sys
    2007-03-31 08:53 25,600 ----a-w C:\Documents and Settings\JEAN\usbsermptxp.sys
    2007-03-31 08:53 22,768 ----a-w C:\Documents and Settings\JEAN\usbsermpt.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-13_11.19.41.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2002-08-30 20:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
    + 2002-08-28 23:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
    + 2003-10-10 07:47:44 2,387 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.bat
    + 2008-04-13 09:50:29 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-04-13 09:50:30 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-04-13 09:50:30 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-04-13 09:50:33 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-04-13 09:50:33 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-04-13 09:50:30 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    + 2008-04-13 17:53:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-04-13 16:56:16 5,271,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-04-13 16:56:16 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-04-13 16:55:59 5,271,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-04-13 16:55:59 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
    + 2006-12-20 14:21:30 2,048 ----a-r C:\WINDOWS\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\msd82ico.exe
    + 2006-12-20 14:21:30 2,048 ----a-r C:\WINDOWS\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\wa32ico.exe
    + 2006-10-23 16:13:41 1,518 ----a-r C:\WINDOWS\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_16496df1.exe
    + 2006-10-23 16:13:41 2,550 ----a-r C:\WINDOWS\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_18be6784.exe
    + 2006-11-12 16:34:26 2,560 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2003-08-01 13:06:50 2,792 ----a-w C:\WINDOWS\oemdrv\stfindcs.sys
    + 2003-09-03 12:17:58 1,701 ----a-w C:\WINDOWS\oemdrv\wlan.cmd
    + 2004-08-19 14:23:26 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
    + 2004-08-03 21:07:58 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
    + 2002-08-30 20:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
    + 2002-08-30 20:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
    + 2002-08-30 20:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
    + 2002-08-30 20:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
    + 2004-08-19 14:23:26 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
    + 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
    + 2002-08-30 20:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
    + 2002-08-30 20:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
    + 2002-08-30 20:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
    + 2002-08-30 20:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
    + 2002-08-30 20:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
    + 2002-08-30 20:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
    + 2002-08-30 20:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
    + 2002-08-30 20:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
    + 2002-08-30 20:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{400B8DF7-DD3D-4173-9B2F-9473292FB1D0}]
    C:\WINDOWS\system32\efcDWOET.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{407ee3aa-4c60-41c7-8c08-18ad75e61b59}]
    C:\WINDOWS\system32\slnpaccn.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:19 65536]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 19:06 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 18:00 4861952]
    "nwiz"="nwiz.exe" [2003-09-24 18:00 323584 C:\WINDOWS\system32\nwiz.exe]
    "00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2003-05-23 14:20 253952]
    "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
    "TFNF5"="TFNF5.exe" [2003-07-18 17:41 73728 C:\WINDOWS\system32\TFNF5.exe]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe" [2003-08-03 16:01 86073]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 19:25 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 19:23 614400]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 13:58 122880]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 10:06 32768 C:\WINDOWS\ltsmmsg.exe]
    "TPSMain"="TPSMain.exe" [2003-10-02 13:42 266240 C:\WINDOWS\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" []
    "NDSTray.exe"="NDSTray.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Drag'n'Drop_Autolaunch"="C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" [2003-09-15 11:07 118784]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 02:04 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-29 16:42 282624]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
    "Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-08 18:54 1175552]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2005-06-27 16:36 2433086]
    "NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [ ]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "mffaxmonitor"="C:\Program Files\PC MF-F@X Driver\mfmon.exe" [2003-02-04 11:39 839680]
    "d43224e4"="C:\WINDOWS\system32\lpovcopy.dll" [ ]
    "BMd7011778"="C:\WINDOWS\system32\acgrhcls.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVLfEu]
    tuvVLfEu.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\6588780\\Program\\fspex.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\JEAN\\Application Data\\FPSJRE\\bin\\java.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:eMule : TCP Entrant
    "4672:UDP"= 4672:UDP:eMule : UDP Entrant

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R1 mfxnt;mfxnt;C:\WINDOWS\system32\drivers\mfxnt.sys [2003-02-04 11:41]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE [2006-10-23 21:57]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-20 16:53]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-09-17 16:12]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 17:38]
    R3 usbitf;Multi-function driver;C:\WINDOWS\system32\Drivers\usbitf.sys [2003-02-04 11:41]
    S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
    S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 09:03]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83b55930-ec35-11dc-9e34-000e354d2b24}]
    \Shell\AutoRun\command - E:\setup.exe AUTORUN=1

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-11 11:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-11 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-04-13 04:41:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tƒche ajout‚e par F-Secure Anti-Virus.
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 19:54:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\FWES\program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSRW.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSAV32.exe
    C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\FSAW.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-13 20:02:33 - machine was rebooted [JEAN]
    ComboFix-quarantined-files.txt 2008-04-13 18:02:15
    ComboFix2.txt 2008-04-13 13:27:39
    ComboFix3.txt 2008-04-13 09:20:53
    ComboFix4.txt 2008-04-12 17:54:39
    ComboFix5.txt 2008-04-12 15:18:56
    Pre-Run: 35,931,553,792 octets libres
    Post-Run: 35,899,129,856 octets libres
    .
    2008-04-13 05:01:32 --- E O F ---
    0
  8. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    et le dernier rapport hikackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 20:05:36, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC MF-F@X Driver\mfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {400B8DF7-DD3D-4173-9B2F-9473292FB1D0} - C:\WINDOWS\system32\efcDWOET.dll (file missing)
    O2 - BHO: {95b16e57-da81-80c8-7c14-06c4aa3ee704} - {407ee3aa-4c60-41c7-8c08-18ad75e61b59} - C:\WINDOWS\system32\slnpaccn.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mffaxmonitor] C:\Program Files\PC MF-F@X Driver\mfmon.exe /hide
    O4 - HKLM\..\Run: [d43224e4] rundll32.exe "C:\WINDOWS\system32\lpovcopy.dll",b
    O4 - HKLM\..\Run: [BMd7011778] Rundll32.exe "C:\WINDOWS\system32\acgrhcls.dll",s
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: tuvVLfEu - tuvVLfEu.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {400B8DF7-DD3D-4173-9B2F-9473292FB1D0} - C:\WINDOWS\system32\efcDWOET.dll (file missing)
    O2 - BHO: {95b16e57-da81-80c8-7c14-06c4aa3ee704} - {407ee3aa-4c60-41c7-8c08-18ad75e61b59} - C:\WINDOWS\system32\slnpaccn.dll (file missing)

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [d43224e4] rundll32.exe "C:\WINDOWS\system32\lpovcopy.dll",b
    O4 - HKLM\..\Run: [BMd7011778] Rundll32.exe "C:\WINDOWS\system32\acgrhcls.dll",s

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O20 - Winlogon Notify: tuvVLfEu - tuvVLfEu.dll (file missing)

    _____________________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\efcDWOET.dll
    C:\WINDOWS\system32\slnpaccn.dll
    C:\WINDOWS\system32\lpovcopy.dll
    C:\WINDOWS\system32\acgrhcls.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{400B8DF7-DD3D-4173-9B2F-9473292FB1D0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{407ee3aa-4c60-41c7-8c08-18ad75e61b59}]
    "d43224e4"=-
    "BMd7011778"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis (faire avec le lien hijackthis donné apres car la version que tu me colle est ancienne)

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ________________

    hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    ____________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  10. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    Bonjour
    Le systeme remarchebien depuis hier soir 21H. Je n'ai plus de blocage et plus de fenetres intempestives dans IE7.
    Je vous envoie les 3 rapports : combofux, hijackthis et le scan sous bitdefender.
    Merci encore de votre aide précieuse

    ComboFix 08-04-12.10 - JEAN 2008-04-14 1:50:34.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.262 [GMT 2:00]
    Endroit: C:\Documents and Settings\JEAN\Bureau\KILLBLAGUE.exe
    Command switches used :: C:\Documents and Settings\JEAN\Bureau\CFscript
    * Création d'un nouveau point de restauration
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\acgrhcls.dll
    C:\WINDOWS\system32\efcDWOET.dll
    C:\WINDOWS\system32\lpovcopy.dll
    C:\WINDOWS\system32\slnpaccn.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-13 22:01 . 2008-04-13 23:10 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-13 19:34 . 2008-04-13 19:34 <REP> d-------- C:\_OTMoveIt
    2008-04-13 18:55 . 2008-04-13 18:56 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-13 11:50 . 2008-04-13 15:29 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-13 11:36 . 2008-04-13 20:49 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-04-13 10:59 . 2003-10-10 09:34 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-04-13 10:59 . 2003-10-10 09:56 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-04-13 10:59 . 2003-10-10 09:56 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-04-13 10:59 . 2003-10-10 10:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-04-13 10:59 . 2006-12-13 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2008-04-13 10:59 . 2003-10-10 10:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
    2008-04-12 19:01 . 2008-04-12 19:01 29,028,450 --a------ C:\upload_moi_YOUR-LP16L31HVE.tar.gz
    2008-04-12 18:17 . 2008-04-12 18:18 199 --a------ C:\WINDOWS\DriverTwain.ini
    2008-04-12 17:20 . 2008-04-12 17:20 <REP> d-------- C:\VundoFix Backups
    2008-04-12 16:46 . 2008-04-12 19:17 <REP> d-------- C:\SDFix
    2008-04-12 16:39 . 2008-04-12 18:33 <REP> d-------- C:\Program Files\Navilog1
    2008-04-12 15:36 . 2003-02-04 11:14 143,360 --a------ C:\WINDOWS\system32\mfelm.dll
    2008-04-12 15:36 . 2003-02-04 11:41 58,568 --a------ C:\WINDOWS\system32\drivers\Mfxnt.sys
    2008-04-12 15:36 . 2003-02-04 11:13 53,248 --a------ C:\WINDOWS\system32\slps.dll
    2008-04-12 15:36 . 2008-04-13 21:45 15,960 --a------ C:\WINDOWS\Mffax.ini
    2008-04-12 15:33 . 2008-04-12 15:33 67 --a------ C:\WINDOWS\kit_pnp.ini
    2008-04-12 15:29 . 2003-02-04 12:19 49,152 --a------ C:\WINDOWS\system32\mfclinst.dll
    2008-04-12 15:24 . 2003-02-04 12:19 118,784 --a------ C:\WINDOWS\pnpinst.dll
    2008-04-12 15:24 . 2003-02-04 11:41 20,748 --a------ C:\WINDOWS\system32\drivers\Usbitf.sys
    2008-04-12 14:41 . 2008-04-12 14:41 <REP> d-------- C:\fsaua.data
    2008-04-12 09:17 . 2008-04-12 09:17 127 --a------ C:\WINDOWS\system32\MRT.INI
    2008-04-11 19:18 . 2008-04-11 19:18 20 --a------ C:\WINDOWS\InfModM.ini
    2008-04-11 19:15 . 2008-04-12 09:06 29 --a------ C:\WINDOWS\OP70.INI
    2008-04-11 19:06 . 2008-04-12 09:08 15 --a------ C:\WINDOWS\wgedit.ini
    2008-04-11 18:46 . 2008-04-11 18:46 315,776 --a------ C:\WINDOWS\system32\awtqnmND.dll
    2008-04-11 13:35 . 2008-04-11 13:35 88,640 --a------ C:\WINDOWS\system32\nikniavy.dll.bak
    2008-04-10 11:53 . 2008-04-13 19:33 101,129 --a------ C:\WINDOWS\BMd7011778.xml
    2008-04-10 11:53 . 2008-04-10 11:53 88,640 --a------ C:\WINDOWS\system32\gawdethw.dll.bak
    2008-04-09 12:46 . 2008-04-09 14:32 0 --a------ C:\WINDOWS\Capture
    2008-04-09 12:33 . 2008-04-12 10:56 <REP> d-------- C:\Program Files\Fichiers communs\Caere
    2008-04-09 12:33 . 2008-04-09 12:33 <REP> d-------- C:\Program Files\Caere
    2008-04-09 12:23 . 2008-04-12 15:36 <REP> d-------- C:\Program Files\PC MF-F@X Driver
    2008-04-04 17:11 . 2008-04-13 10:06 <REP> d-------- C:\Program Files\Incomplete
    2008-04-04 17:08 . 2008-04-13 10:01 <REP> d-------- C:\Program Files\LimeWire
    2008-04-04 11:33 . 2008-04-04 11:33 315,600 --a------ C:\WINDOWS\system32\yayaYrpM.dll
    2008-04-03 14:29 . 2008-04-03 14:29 315,648 --a------ C:\WINDOWS\system32\fccdaaAP.dll
    2008-04-02 20:32 . 2008-04-02 20:32 315,616 --a------ C:\WINDOWS\system32\fcccayax.dll
    2008-03-30 10:39 . 2008-04-05 08:18 162 --a------ C:\WINDOWS\wininit.ini
    2008-03-23 10:15 . 2008-03-23 10:15 17 --a------ C:\WINDOWS\Missing.ini
    2008-03-23 10:14 . 2008-03-23 10:14 32 --a------ C:\WINDOWS\CD-Start.INI
    2008-03-17 18:49 . 2008-04-12 20:16 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 19:19 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-04-13 18:53 13,836 ----a-w C:\Documents and Settings\JEAN\Application Data\wklnhst.dat
    2008-04-13 10:05 --------- d-----w C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
    2008-04-12 08:58 --------- d-----w C:\Program Files\Larousse
    2008-04-12 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-12 06:43 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-04-12 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-04-09 12:07 --------- d-----w C:\Documents and Settings\JEAN\Application Data\AdobeUM
    2008-03-27 07:12 --------- d-----w C:\Program Files\eMule
    2008-03-27 07:11 --------- d-----w C:\Program Files\Ludiclub
    2008-03-27 07:11 --------- d-----w C:\Program Files\Canon
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-07 10:54 --------- d-----w C:\Program Files\Google
    2008-03-05 14:30 97,288 ------w C:\DSETUP.dll
    2008-03-05 14:30 527,880 ------w C:\DXSETUP.exe
    2008-03-05 14:30 1,694,728 ------w C:\dsetup32.dll
    2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-03-05 07:32 --------- d-----w C:\Program Files\Java
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
    2008-01-25 13:07 100,584 ----a-w C:\Documents and Settings\JEAN\Application Data\GDIPFONTCACHEV1.DAT
    2007-03-31 08:53 92,064 ----a-w C:\Documents and Settings\JEAN\mqdmmdm.sys
    2007-03-31 08:53 9,232 ----a-w C:\Documents and Settings\JEAN\mqdmmdfl.sys
    2007-03-31 08:53 79,328 ----a-w C:\Documents and Settings\JEAN\mqdmserd.sys
    2007-03-31 08:53 66,656 ----a-w C:\Documents and Settings\JEAN\mqdmbus.sys
    2007-03-31 08:53 6,208 ----a-w C:\Documents and Settings\JEAN\mqdmcmnt.sys
    2007-03-31 08:53 5,936 ----a-w C:\Documents and Settings\JEAN\mqdmwhnt.sys
    2007-03-31 08:53 4,048 ----a-w C:\Documents and Settings\JEAN\mqdmcr.sys
    2007-03-31 08:53 25,600 ----a-w C:\Documents and Settings\JEAN\usbsermptxp.sys
    2007-03-31 08:53 22,768 ----a-w C:\Documents and Settings\JEAN\usbsermpt.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-13_20.01.23.87 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-13 20:11:54 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-04-13 20:11:55 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-04-13 20:11:55 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-04-13 20:11:35 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:37 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:39 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:40 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:41 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:42 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:43 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:44 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:44 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:56 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-13 20:11:56 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-04-13 20:11:57 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-04-13 20:11:57 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-04-13 20:11:57 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-04-13 20:11:54 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2008-04-13 17:53:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-13 19:02:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-06-15 07:02:06 632,392 ----a-w C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
    + 2004-08-19 14:09:20 24,064 ----a-w C:\WINDOWS\LastGood\msagent\AgentAnm.dll
    + 2004-08-19 14:09:20 214,016 ----a-w C:\WINDOWS\LastGood\msagent\AgentCtl.dll
    + 2006-10-12 13:55:58 42,496 ----a-w C:\WINDOWS\LastGood\msagent\AgentDp2.dll
    + 2007-03-09 14:00:38 57,344 ----a-w C:\WINDOWS\LastGood\msagent\AgentDPv.dll
    + 2004-08-19 14:09:20 49,152 ----a-w C:\WINDOWS\LastGood\msagent\AgentMPx.dll
    + 2004-08-19 14:09:20 24,064 ----a-w C:\WINDOWS\LastGood\msagent\AgentPsh.dll
    + 2004-08-19 14:09:20 44,032 ----a-w C:\WINDOWS\LastGood\msagent\AgentSR.dll
    + 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\LastGood\msagent\AgentSvr.exe
    + 2002-08-30 20:00:00 19,456 ----a-w C:\WINDOWS\LastGood\msagent\intl\Agt0409.dll
    + 2004-08-19 14:09:34 39,936 ----a-w C:\WINDOWS\LastGood\msagent\mslwvtts.dll
    + 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
    + 2006-09-28 14:03:28 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll
    + 2007-06-20 18:45:20 18,280 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_2.dll
    + 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    + 2008-03-19 17:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    + 2008-03-19 17:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\swdir.dll
    + 2008-03-19 17:36:40 67,000 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDnld.exe
    + 2008-03-19 17:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
    + 2008-03-19 16:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
    + 2008-03-19 17:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2008-03-19 16:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
    + 2008-03-19 16:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
    + 2008-03-19 16:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
    + 2008-03-19 16:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
    + 2008-03-19 17:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
    + 2008-03-19 17:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
    + 2008-03-19 17:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
    + 2008-03-19 17:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
    + 2008-03-19 17:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
    + 2008-03-19 16:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
    + 2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
    + 2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
    + 2007-07-19 16:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
    + 2007-10-12 13:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    + 2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
    + 2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
    + 2007-07-19 16:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
    + 2007-10-02 07:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    + 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
    + 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
    + 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
    + 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
    + 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
    + 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
    + 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
    + 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
    + 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
    + 2007-03-12 14:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
    + 2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
    + 2007-07-19 16:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
    + 2007-10-12 13:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    - 2007-10-11 13:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
    + 2002-01-09 00:28:02 32,768 ----a-w C:\WINDOWS\system32\Macromed\Director\swdir_bckup.dll
    + 2007-12-03 14:39:18 112,016 ----a-w C:\WINDOWS\system32\Macromed\Download\Download.dll
    + 2007-12-04 00:39:16 67,984 ----a-w C:\WINDOWS\system32\Macromed\Download\Download.exe
    + 2007-12-03 14:39:18 59,717 ----a-w C:\WINDOWS\system32\Macromed\Download\Install.exe
    + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
    - 2008-02-29 13:38:30 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    + 2008-04-13 21:11:01 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    + 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
    + 2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
    + 2007-10-22 01:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    + 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
    + 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
    + 2007-10-22 01:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    + 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
    + 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
    + 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
    + 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
    + 2007-01-24 13:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
    + 2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
    + 2007-06-20 18:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
    + 2007-07-19 22:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
    + 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
    + 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
    + 2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
    + 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:19 65536]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 19:06 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 18:00 4861952]
    "00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2003-05-23 14:20 253952]
    "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
    "TFNF5"="TFNF5.exe" [2003-07-18 17:41 73728 C:\WINDOWS\system32\TFNF5.exe]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe" [2003-08-03 16:01 86073]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 19:25 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 19:23 614400]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 13:58 122880]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 10:06 32768 C:\WINDOWS\ltsmmsg.exe]
    "TPSMain"="TPSMain.exe" [2003-10-02 13:42 266240 C:\WINDOWS\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" []
    "NDSTray.exe"="NDSTray.exe" []
    "Drag'n'Drop_Autolaunch"="C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" [2003-09-15 11:07 118784]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 02:04 32768]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
    "Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-08 18:54 1175552]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [ ]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "mffaxmonitor"="C:\Program Files\PC MF-F@X Driver\mfmon.exe" [2003-02-04 11:39 839680]
    "BMd7011778"="C:\WINDOWS\system32\acgrhcls.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-23 18:01:39 114688]
    Antivirus Firewall.lnk - C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe [2006-10-23 21:57:15 32807]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\6588780\\Program\\fspex.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\JEAN\\Application Data\\FPSJRE\\bin\\java.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:eMule : TCP Entrant
    "4672:UDP"= 4672:UDP:eMule : UDP Entrant

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R1 mfxnt;mfxnt;C:\WINDOWS\system32\drivers\mfxnt.sys [2003-02-04 11:41]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE [2006-10-23 21:57]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-20 16:53]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-09-17 16:12]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 17:38]
    R3 usbitf;Multi-function driver;C:\WINDOWS\system32\Drivers\usbitf.sys [2003-02-04 11:41]
    S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
    S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 09:03]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83b55930-ec35-11dc-9e34-000e354d2b24}]
    \Shell\AutoRun\command - E:\setup.exe AUTORUN=1

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 11:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-11 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-04-13 04:41:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 01:56:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    Temps d'accomplissement: 2008-04-14 1:57:29
    ComboFix-quarantined-files.txt 2008-04-13 23:57:23
    ComboFix2.txt 2008-04-13 18:02:34
    ComboFix3.txt 2008-04-13 13:27:39
    ComboFix4.txt 2008-04-13 09:20:53
    ComboFix5.txt 2008-04-12 17:54:39
    Pre-Run: 36,070,883,328 octets libres
    Post-Run: 36,060,270,592 octets libres
    .
    2008-04-13 05:01:32 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:13:17, on 14/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC MF-F@X Driver\mfmon.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\JEAN\Bureau\HiJackThis\EDEN.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mffaxmonitor] C:\Program Files\PC MF-F@X Driver\mfmon.exe /hide
    O4 - HKLM\..\Run: [BMd7011778] Rundll32.exe "C:\WINDOWS\system32\acgrhcls.dll",s
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  11. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    re
    Tout marche bien depuis ce matin 7h.
    Mais comment se fait t'il que mes commandes de fonction ne marchent plus (portable toshiba satellite M30) ???
    A bientot
    Et encore merci
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    __________
    lance zeb restore et repare le registre
    http://telechargement.zebulon.fr/zeb-restore.html
    _________

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com
    0
  13. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 599

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 126881
    Temps écoulé: 1 hour(s), 6 minute(s), 55 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Casino Tropez (Adware.Casino) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7011778 (Trojan.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> No action taken.

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Program Files\HbTools\Bin\4.8.7.0\dBenderC.dll.vir (Adware.Hotbar) -> No action taken.
    C:\System Volume Information\_restore{55317C12-02FA-4961-918D-6F6CCC0C5AE2}\RP441\A0068993.dll (Adware.Hotbar) -> No action taken.
    C:\System Volume Information\_restore{55317C12-02FA-4961-918D-6F6CCC0C5AE2}\RP442\A0069133.dll (Adware.Hotbar) -> No action taken.
    C:\System Volume Information\_restore{55317C12-02FA-4961-918D-6F6CCC0C5AE2}\RP444\A0069348.dll (Adware.Hotbar) -> No action taken.
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est dans le dossier quarantine

    C:\QooBox\Quarantine

    _____________________

    lance zeb restore et repare le registre
    http://telechargement.zebulon.fr/zeb-restore.html

    _________

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com
    0
  15. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    c'est fait
    merci pour tout
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok bonne suite!
    0
  17. jean6610 Messages postés 12 Date d'inscription   Statut Membre
     
    encore bravo pour ton explication et tes solutions
    0