Message inscessant, fond ecran blanc, alert
Résolu
benoist14
Messages postés
3
Statut
Membre
-
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
Bonjour, J ai depuis quelques jours des pages web qui s ouvrent sans arret avec des messages d alertes spywares, ordinateurs infesté j en passe et des meilleurs
j ai aussi une croix blanche sur fond rouge dans ma barre de tache.
J ai mon fond de bureau qui est blanc. j ai des icône qui ont disparues et qui ont apparue.
Merci de m aider.
Voici mon rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:26, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min/nosplash
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [34a02311] rundll32.exe "C:\WINDOWS\system32\chxoqrvd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vbksrofa - {5E5D7CC2-F5ED-4FD0-9FA8-4B245804A972} - C:\WINDOWS\vbksrofa.dll
O21 - SSODL: mpfanvqg - {39631E14-F8E2-465A-A400-9F841AAA2AD9} - C:\WINDOWS\mpfanvqg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
j ai aussi une croix blanche sur fond rouge dans ma barre de tache.
J ai mon fond de bureau qui est blanc. j ai des icône qui ont disparues et qui ont apparue.
Merci de m aider.
Voici mon rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:26, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min/nosplash
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [34a02311] rundll32.exe "C:\WINDOWS\system32\chxoqrvd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vbksrofa - {5E5D7CC2-F5ED-4FD0-9FA8-4B245804A972} - C:\WINDOWS\vbksrofa.dll
O21 - SSODL: mpfanvqg - {39631E14-F8E2-465A-A400-9F841AAA2AD9} - C:\WINDOWS\mpfanvqg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
A voir également:
- Message inscessant, fond ecran blanc, alert
- Double ecran - Guide
- Comment mettre une vidéo en fond d'écran - Guide
- Recuperer message whatsapp supprimé - Guide
- Capture d'écran whatsapp - Accueil - Messagerie instantanée
- Message absence thunderbird - Guide
4 réponses
Salut
avec HijackThis coche toutes ces cases:
Ensuite supprime ces fichiers:
Et en dernier supprime ce dossier:
Après redémarre.
Pense aussi à faire des scans en mode sans échec.
A+
avec HijackThis coche toutes ces cases:
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [34a02311] rundll32.exe "C:\WINDOWS\system32\chxoqrvd.dll",b
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vbksrofa - {5E5D7CC2-F5ED-4FD0-9FA8-4B245804A972} - C:\WINDOWS\vbksrofa.dll
O21 - SSODL: mpfanvqg - {39631E14-F8E2-465A-A400-9F841AAA2AD9} - C:\WINDOWS\mpfanvqg.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
Ensuite supprime ces fichiers:
C:\WINDOWS\system32\pr2ah4nc.exe C:\WINDOWS\vbksrofa.dll C:\WINDOWS\mpfanvqg.dll C:\WINDOWS\system32\chxoqrvd.dll C:\WINDOWS\system32\winsys2.exe C:\WINDOWS\pvnsmfor.dll
Et en dernier supprime ce dossier:
C:\WINDOWS\privacy_danger
Après redémarre.
Pense aussi à faire des scans en mode sans échec.
A+
bonjour, passe sdfix http://mickael.barroux.free.fr/securite/sdfix.php et puis combofix http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#3eme methode combofix
tu les passes en mode sans echec et tu passes malewarebytes https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
suivi de Ccleaner dans ses deux modes nettoyeur et registre https://www.malekal.com/tutoriel-ccleaner/
et tu remets un nouveau hijackthis merci
tu les passes en mode sans echec et tu passes malewarebytes https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
suivi de Ccleaner dans ses deux modes nettoyeur et registre https://www.malekal.com/tutoriel-ccleaner/
et tu remets un nouveau hijackthis merci
bonjour
svp pourrier vous me donner un coup de main et me dire ce qui ne va pas dans mon rapport (je n'arrive pas à le comprendre) pour pouvoir me débarasser de ce virus... je vous remercie d'avance...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:23, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5921F48B-AB45-4245-ABE3-51F04A0678A1} - C:\Windows\system32\fccyaBtq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QXK Rhythm - {C50B4841-0478-449D-ACE1-8BCD54E784F8} - C:\Windows\fvowketqdsx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Saint-Coran Toolbar - {3526DA77-E31E-43DD-94E3-16170C0AF42F} - (no file)
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [advap32] C:\Users\KASSKI~1\AppData\Local\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcCrOEX.dll,#1
O4 - HKLM\..\Run: [b621af8c] rundll32.exe "C:\Windows\system32\ujlaywsd.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS7\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS10\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS11\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS12\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS13\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS14\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS15\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS16\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS17\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS18\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS19\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O21 - SSODL: vbksrofa - {E7FAD321-666D-4242-A5F6-F95EDC37B9FB} - C:\Windows\vbksrofa.dll
O21 - SSODL: mpfanvqg - {876880CA-1BE2-4EC9-9D85-3BC66E78021C} - C:\Windows\mpfanvqg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
svp pourrier vous me donner un coup de main et me dire ce qui ne va pas dans mon rapport (je n'arrive pas à le comprendre) pour pouvoir me débarasser de ce virus... je vous remercie d'avance...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:23, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5921F48B-AB45-4245-ABE3-51F04A0678A1} - C:\Windows\system32\fccyaBtq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QXK Rhythm - {C50B4841-0478-449D-ACE1-8BCD54E784F8} - C:\Windows\fvowketqdsx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Saint-Coran Toolbar - {3526DA77-E31E-43DD-94E3-16170C0AF42F} - (no file)
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [advap32] C:\Users\KASSKI~1\AppData\Local\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcCrOEX.dll,#1
O4 - HKLM\..\Run: [b621af8c] rundll32.exe "C:\Windows\system32\ujlaywsd.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS7\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS10\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS11\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS12\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS13\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS14\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS15\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS16\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS17\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS18\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS19\Services\Tcpip\..\{001964AF-5BC8-4EE6-A93D-750CD06FD34C}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O21 - SSODL: vbksrofa - {E7FAD321-666D-4242-A5F6-F95EDC37B9FB} - C:\Windows\vbksrofa.dll
O21 - SSODL: mpfanvqg - {876880CA-1BE2-4EC9-9D85-3BC66E78021C} - C:\Windows\mpfanvqg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Je n arrive pas a supprimé ceux la:
C:\WINDOWS\vbksrofa.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\chxoqrvd.dll
Je peux le faire en mode sans echec?
Tu indiques le fichier à supprimer dans la zone de texte et tu cliques sur la croix blanche sur fond rouge.
https://www.generation-nt.com/killbox-telechargement-25430.html
Après si tout se passe bien le fichier est effacé sinon il sera effacé après redémarrage.
Fais ça tout les soirs. Pour CCleaner, chaque fin de semaine.
Aussi, tout les mois fais un scan du disque (CHKDSK /F dans exécuter) et une défragmentation (dfrg.msc dans exécuter) et ton Windows sera rapide comme une fusée.