Infectée par Antivirus 360 Help please !

mekesketufe -  
 mkmk -
Bonjour,

Vu dans le forum, ne suis pas la seule mais chacun doit faire un post séparé alors voici le mien.

Quelqu'un peut-il m'aider ?

C'est l'enfer et oui j'ai avast comme anti virus... Désolée...
Configuration: Windows XP
Firefox 3.0.4

5 réponses

  1. Utilisateur anonyme
     
    Bonsoir,
    Je prend la suite.

    1/ Redémarre ton pc.

    2/

    ● Télécharge DDS.scr de sUBs sur le bureau.

    (!) L'outil ne nécessite pas d'installation.

    Lances-le en cliquant sur l'icône dds.scr.

    Cette fenêtre DOS va apparaitre : https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

    ● Le scan ne doit pas dépasser trois minutes.
    ● Un premier rapport va s'ouvrir que tu enregistreras sous DDS.txt par défaut sur le bureau.
    ● Il te sera demandé si tu veux faire le scan optionnel.
    Accepte par Oui

    ● Un nouveau rapport s'ouvre que tu enregistres sous Attach.txt sur le bureau.
    Tu ne le fourniras que si nécessaire.
    Poste moi le rapport DDS.txt.

    ++

    1
    1. mekesketufe
       
      Merci pour ton aide. Voici le DDX.txt :


      DDS (Version 1.0.1) - NTFSx86
      Run by Administrateur at 21:32:23,18 on 12/12/2008
      Internet Explorer: 7.0.5730.11
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.343 [GMT 1:00]

      ============== Running Processes ===============

      C:\WINDOWS\system32\svchost -k DcomLaunch
      C:\WINDOWS\system32\svchost -k rpcss
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k LocalService
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Documents and Settings\Administrateur.75A4EC02E2E3445\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\IncrediMail\bin\IMApp.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Crazy Browser\Crazy Browser.exe
      C:\Documents and Settings\Administrateur.75A4EC02E2E3445\Bureau\dds.scr
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ============== Pseudo HJT Report ===============

      uWindow Title = Windows Ultimate Edition
      uSearch Page = hxxp://www.google.fr
      uSearch Bar = hxxp://www.google.fr/ie
      uStart Page =
      uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
      mDefault_Page_URL = hxxp://www.google.fr
      mDefault_Search_URL = hxxp://www.google.fr
      mSearch Page = hxxp://www.google.fr
      mStart Page = hxxp://www.google.fr
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
      mSearchAssistant = hxxp://www.google.fr/ie
      mWinlogon: SfcDisable=-99 (0xffffff9d)
      BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
      BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
      BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: {B67C9424-6E17-421C-8EFD-98709D441026} - c:\windows\system32\urqPfCTk.dll
      TB: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - c:\program files\styler\tb\StylerTB.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
      uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
      uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
      uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
      uRun: [Google Update] "c:\documents and settings\administrateur.75a4ec02e2e3445\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [nwiz] nwiz.exe /install
      mRun: [UberIcon] "c:\program files\ubericon\UberIcon Manager.exe"
      mRun: [VisualTaskTips] c:\windows\system32\VisualTaskTips.exe
      mRun: [TransBar] c:\windows\system32\TransBar.exe /s
      mRun: [Styler] c:\program files\styler\Styler.exe
      mRun: [TopDesk] c:\windows\system32\topdesk.exe
      mRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
      mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
      mRun: [EPSON Stylus DX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
      mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
      mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
      mRun: [SoundMan] SOUNDMAN.EXE
      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
      mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
      mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
      mRun: [AppleSyncNotifier] c:\program files\fichiers communs\apple\mobile device support\bin\AppleSyncNotifier.exe
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
      mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [zzz_ImInstaller_FreeEcardMovies] "c:\documents and settings\administrateur.75a4ec02e2e3445\local settings\temp\iminstaller\freeecardmovies\FreeEcardMovies_Install.exe" -startup -product FreeEcardMovies -skip_dialog language -report -cluster 551 -msc 77777 -ffmsc 45678
      mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
      dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
      StartupFolder: c:\docume~1\admini~1.75a\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
      uPolicies-explorer: NoSMHelp = 1 (0x1)
      dPolicies-explorer: NoSMHelp = 1 (0x1)
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
      IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
      IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
      IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
      AppInit_DLLs: bgszxv.dll qwylfd.dll nodcun.dll thredv.dll zhzujk.dll

      ================= FIREFOX ===================

      FF - ProfilePath - c:\docume~1\admini~1.75a\applic~1\mozilla\firefox\profiles\2rp96lkd.default\
      FF - prefs.js: browser.startup.homepage - www.google.fr

      ============= SERVICES / DRIVERS ===============

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-7-7 111184]
      R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-7-7 20560]
      R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2007-10-26 155160]
      R2 Iprip;Écouteur RIP;c:\windows\system32\svchost.exe -k netsvcs [2004-8-28 14336]
      R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2007-10-26 254040]
      R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2007-10-26 352920]
      S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-6-26 576680]

      =============== Created Last 30 ================

      2008-12-12 13:01 <DIR> --d----- c:\docume~1\admini~1.75a\applic~1\Malwarebytes
      2008-12-12 13:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
      2008-12-12 13:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
      2008-12-12 13:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
      2008-12-12 13:01 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
      2008-12-12 12:50 <DIR> --d----- c:\program files\Trend Micro
      2008-12-12 10:26 <DIR> --d----- c:\program files\Enigma Software Group
      2008-12-10 10:28 106,496 a------- c:\windows\system32\thredv.dll
      2008-12-10 10:28 106,496 a------- c:\windows\system32\guyjlihh.dll
      2008-12-07 13:00 268 a---h--- C:\sqmdata02.sqm
      2008-12-07 13:00 268 a---h--- C:\sqmdata01.sqm
      2008-12-07 13:00 244 a---h--- C:\sqmnoopt01.sqm
      2008-12-07 13:00 136 a---h--- C:\sqmnoopt02.sqm
      2008-12-05 17:09 550,933 a--sh--- c:\windows\system32\kTCfPqru.ini2
      2008-12-05 14:37 106,496 a------- c:\windows\system32\gibipxgf.dll
      2008-12-04 14:34 550,933 a--sh--- c:\windows\system32\kTCfPqru.ini
      2008-12-04 09:08 <DIR> --d----- c:\program files\iPod
      2008-12-04 09:08 <DIR> --d----- c:\program files\iTunes
      2008-12-04 09:08 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      2008-12-01 15:09 30,592 a------- c:\windows\system32\drivers\rndismpx.sys
      2008-12-01 15:09 12,800 a------- c:\windows\system32\drivers\usb8023x.sys
      2008-12-01 15:08 <DIR> --d----- c:\program files\Microsoft ActiveSync
      2008-12-01 15:08 <DIR> --d----- c:\program files\Windows Mobile Device Handbook
      2008-11-25 18:12 <DIR> --d----- c:\documents and settings\administrateur.75a4ec02e2e3445\.xmoto
      2008-11-25 18:12 <DIR> --d----- c:\program files\XMoto
      2008-11-22 20:28 <DIR> --d----- c:\program files\Unity
      2008-11-14 21:20 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Age of Empires 3
      2008-11-14 19:53 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
      2008-11-14 19:45 <DIR> --d----- c:\program files\Microsoft Games
      2008-11-14 19:29 <DIR> --d----- c:\program files\PowerISO
      2008-11-14 13:44 <DIR> --d----- c:\docume~1\admini~1.75a\applic~1\OpenOffice.org
      2008-11-14 00:10 <DIR> --d----- c:\program files\JRE
      2008-11-14 00:10 <DIR> --d----- c:\program files\OpenOffice.org 3

      ==================== Find3M ====================

      2008-12-04 15:33 465,206 a------- c:\windows\system32\perfh00C.dat
      2008-12-04 15:33 73,570 a------- c:\windows\system32\perfc00C.dat
      2008-11-02 09:44 56,572 a------- c:\windows\system32\drivers\scdemu.sys
      2008-09-17 20:35 507,904 a------- c:\windows\TMUPDATE.DLL
      2008-09-17 20:35 69,689 a------- c:\windows\UNZIP.DLL
      2008-09-17 20:35 286,720 a------- c:\windows\PATCH.EXE
      2008-08-18 09:30 23 a--sh--- c:\windows\system32\aaebc6_g.dll

      ============= FINISH: 21:32:51,43 ===============
      0
  2. Utilisateur anonyme
     
    Bonjour,

    Bon on te pardonne .

    Fait ceci:

    ▶ Télécharge hijackthis

    ▶ Enregistre la cible sous .... "le bureau"

    ▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

    ▶ Clique sur Install ensuite sur "I Accept"

    ▶ Clique sur" Do a scan system and save log file"

    ▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

    ▶ Tuto hijackthis(Merci à Balltrap34)

    @+
    0
    1. mekesketufe
       
      Merci packman00 pour cette réponse claire et rapide.

      Voici ce que cela donne, tout ce qu'il y a à savoir sur mon ordi :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:51:15, on 12/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\UberIcon\UberIcon Manager.exe
      C:\WINDOWS\system32\topdesk.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Administrateur.75A4EC02E2E3445\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\IncrediMail\bin\IMApp.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\IncrediMail\bin\IncMail.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
      O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
      O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
      O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
      O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
      O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [zzz_ImInstaller_FreeEcardMovies] "C:\Documents and Settings\Administrateur.75A4EC02E2E3445\Local Settings\Temp\ImInstaller\FreeEcardMovies\FreeEcardMovies_Install.exe" -startup -product FreeEcardMovies -skip_dialog language -report -cluster 551 -msc 77777 -ffmsc 45678
      O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur.75A4EC02E2E3445\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O15 - Trusted Zone: http://www.secuser.com
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: bgszxv.dll qwylfd.dll nodcun.dll thredv.dll zhzujk.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      0
    2. kas
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:14:32, on 13/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
      C:\DOCUME~1\Geha\LOCALS~1\Temp\clclean.0001
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Creative\Shared Files\CamTray.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
      C:\Program Files\AVerTV USB 2.0 Plus\QuickTV.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Logitech\SetPoint\KEM.exe
      C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
      O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
      O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
      O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: AVerTV USB 2.0.lnk = C:\Program Files\AVerTV USB 2.0 Plus\QuickTV.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      0
    3. mister37 Messages postés 2 Statut Membre
       
      bonjour packman00.moi aussi j'ai un gros gros problème avec le "faux virus" "antivirus 360".J'ai suivi vos conseils très bien détaillés et j'ai téléchargé le logiciel.Après l'avoir installé et fait un copier coller du bloc note qui s'est affiché j'ai obtenu cela:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:30:30, on 13/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\fxstaller.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\A360\av360.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/webhp?hl=fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
      O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
      O4 - HKLM\..\Run: [c4c64e47] rundll32.exe "C:\WINDOWS\system32\urimlhna.dll",b
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [94386368295459174361163656523212] C:\Program Files\A360\av360.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O20 - AppInit_DLLs: ecujgt.dll
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      0
    4. jacques
       
      Salut,
      meme pb, voici mon rapportLogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:11:08, on 14/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
      C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\fxstaller.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.msn.com/fr-fr/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+xls+file
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Starware Toolbar Recettes - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware354\bin\Starware354.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\Jacques\Disk_Monitor.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
      O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
      O4 - HKLM\..\Run: [2b1b13ad] rundll32.exe "C:\WINDOWS\system32\sqsnvbvo.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\DOCUME~1\Jacques\LOCALS~1\Temp\E_S42.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [34992562724635251342032043510360] C:\Program Files\A360\av360.exe
      O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Image Transfer.lnk = ?
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/574/webolr/OCX/FlashAX.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6A8EC4A3-49E6-4888-BBC8-068FE42E0116}: NameServer = 86.64.145.148 84.103.237.148
      O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll szcaha.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      0
    5. jacques
       
      Salut,
      meme pb, voici mon rapportLogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:11:08, on 14/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
      C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\fxstaller.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.msn.com/fr-fr/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+xls+file
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Starware Toolbar Recettes - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware354\bin\Starware354.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\Jacques\Disk_Monitor.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
      O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
      O4 - HKLM\..\Run: [2b1b13ad] rundll32.exe "C:\WINDOWS\system32\sqsnvbvo.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\DOCUME~1\Jacques\LOCALS~1\Temp\E_S42.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [34992562724635251342032043510360] C:\Program Files\A360\av360.exe
      O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Image Transfer.lnk = ?
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/574/webolr/OCX/FlashAX.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6A8EC4A3-49E6-4888-BBC8-068FE42E0116}: NameServer = 86.64.145.148 84.103.237.148
      O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll szcaha.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      0
  3. Utilisateur anonyme
     
    Re,

    Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    Mets le à jour

    ▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

    ▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait

    ▶ clique sur Rechercher

    ▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    Tutoriel pour MalwareByte's
    0
    1. mekesketufe
       
      Me revoilà avec le fameux rapport :

      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1492
      Windows 5.1.2600 Service Pack 2

      12/12/2008 14:52:36
      mbam-log-2008-12-12 (14-52-36).txt

      Type de recherche: Examen complet (C:\|D:\|F:\|)
      Eléments examinés: 188108
      Temps écoulé: 1 hour(s), 31 minute(s), 19 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 6
      Clé(s) du Registre infectée(s): 17
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 6
      Fichier(s) infecté(s): 25

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\byXOgdaa.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\bgszxv.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\qwylfd.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\nodcun.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\zhzujk.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\fccyxuVp.dll (Trojan.Vundo.H) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b174e40-36bc-43dc-a99f-1fcf7379cc06} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{1b174e40-36bc-43dc-a99f-1fcf7379cc06} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccyxuvp (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{3e04ea12-993d-4b28-a7ed-0b76f928aab9} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{df8f19d0-075a-4254-9e41-2cceb2f299f8} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{f87dc805-d1dd-4d93-aeaf-e7bb3834f93f} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{fc81bed4-b396-4a49-bffd-002cea6099ef} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc81bed4-b396-4a49-bffd-002cea6099ef} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b174e40-36bc-43dc-a99f-1fcf7379cc06} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxogdaa -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxogdaa
      0
      1. sYn > mekesketufe
         
        Moi aussi xDDD *vive les boulets*

        xDDDDDDDDD

        le 1er :

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 19:12:08, on 12/12/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16762)
        Boot mode: Normal
        
        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\WINDOWS\system32\svchost.exe
        c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\Tablet.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\system32\WTablet\TabUserW.exe
        C:\WINDOWS\system32\Tablet.exe
        C:\WINDOWS\Explorer.EXE
        C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\WINDOWS\system32\SysMonitor.exe
        C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
        C:\WINDOWS\VM305_STI.EXE
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DAEMON Tools Lite\daemon.exe
        C:\Program Files\Steam\Steam.exe
        C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
        C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
        C:\Program Files\A360\av360.exe
        C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
        C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
        C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
        C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
        C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
        C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
        O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: adzgalore - {095966df-b21b-7652-ee73-ecf358c3a775} - C:\WINDOWS\system32\nsx144.dll
        O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
        O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
        O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O2 - BHO: cpmsky browser optimizer - {b2be43cb-90a9-987d-4ff6-ef9f5c146f56} - C:\WINDOWS\system32\{797c569c-3933-694d-9415-289645e06c1c}.dll (file missing)
        O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
        O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
        O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
        O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
        O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
        O4 - HKLM\..\Run: [LaunchApp] Alaunch
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
        O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
        O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
        O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
        O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
        O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
        O4 - HKLM\..\Run: [adiras] adiras.exe
        O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [MSNBuster] C:\Documents and Settings\Michel WALTER\Mes documents\michel\MSNBuster.exe -d
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
        O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
        O4 - HKCU\..\Run: [08580998803066690883703001547453] C:\Program Files\A360\av360.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Acer Empowering Technology.lnk = ?
        O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
        O4 - Global Startup: DSLMON.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
        O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
        O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
        O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
        O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
        O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
        
        --
        End of file - 15781 bytes
        


        Mais le 2eme n'est pas fini ><" :P
        0
    2. mister37 Messages postés 2 Statut Membre
       
      bonjour j'ai encore suivis vos conseils et voila le rapport qui s'est ouvert.J'ai supprimé la sélection et mon PC a redémarrer.Que dois -je faire ? Merci beaucoup beaucoup de m'aider


      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1500
      Windows 5.1.2600 Service Pack 3

      14/12/2008 19:34:17
      mbam-log-2008-12-14 (19-34-17).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 88419
      Temps écoulé: 1 hour(s), 5 minute(s), 47 second(s)

      Processus mémoire infecté(s): 2
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 20
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 2
      Fichier(s) infecté(s): 21

      Processus mémoire infecté(s):
      C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Unloaded process successfully.
      C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\fccaaXpo.dll (Trojan.Vundo.H) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqklfff (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c151d919-1fb6-4e87-9846-0674ea1b560f} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{c151d919-1fb6-4e87-9846-0674ea1b560f} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f48d5f8d-8475-44d8-8ec7-35458f5208aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{f48d5f8d-8475-44d8-8ec7-35458f5208aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c151d919-1fb6-4e87-9846-0674ea1b560f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f48d5f8d-8475-44d8-8ec7-35458f5208aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94386368295459174361163656523212 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccaaxpo -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccaaxpo -> Delete on reboot.

      Dossier(s) infecté(s):
      C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\FATIMA\Menu Démarrer\Antivirus 360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\urQkLfff.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\fccaaXpo.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\opXaaccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\opXaaccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ecujgt.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\cuojehvq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\qvhejouc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\urimlhna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\anhlmiru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winsrc.dll (Trojan.BHO) -> Delete on reboot.
      C:\WINDOWS\system32\gikincoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\irilie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\maxtvjlx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\FATIMA\Menu Démarrer\Antivirus 360\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\FATIMA\Menu Démarrer\Antivirus 360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\FATIMA\Menu Démarrer\Antivirus 360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\FATIMA\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\explorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      0
      1. Utilisateur anonyme > mister37 Messages postés 2 Statut Membre
         
        Bonsoir,

        bonjour j'ai encore suivis vos conseils


        Les conseils de qui ?
        0
  4. Utilisateur anonyme
     
    Re,

    On attaque :

    /!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\

    Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

    Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.
    Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur votre PC avant toute suppression de nuisibles.
    Elle vous permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.
    Suivez les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela vous est demandé, acceptez le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.

    (!) Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

    AVANT d'utiliser ComboFix :
    → Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
    → Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

    Sur ton bureau double clic sur Combofix.exe.
    Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

    /!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

    Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

    En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

    Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

    (Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

    Tutorial ( aide ):
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jpgeff
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:20, on 14/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\explorer.exe
    C:\WINDOWS\System32\rs32net.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\mldmm.exe
    C:\WINDOWS\fxstaller.exe
    C:\WINDOWS\system32\svscs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Administrateur\Application Data\gadcom\gadcom.exe
    C:\WINDOWS\System32\rs32net.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar10.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe
    O4 - HKLM\..\Run: [50a0cd2b] rundll32.exe "C:\WINDOWS\system32\jjwujuis.dll",b
    O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
    O4 - HKLM\..\Run: [mmsass] mldmm.exe
    O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
    O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Administrateur\Application Data\gadcom\gadcom.exe" 61A847B5BBF72810359A3E466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [60624246811202283603651617926268] C:\Program Files\A360\av360.exe
    O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
    O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    0
    1. Utilisateur anonyme
       
      Salut,

      Créé ton propre message.

      Merci.

      +
      0