Help - pop-up windows since yesterday

Tags:
  • Pop-up window
  • Security
Last reply: in Security and viruses
2 January 2009 13:15:31

Hello and best wishes for the new year to everyone.

Since yesterday I have been getting pop-up windows and my PC is crawling like mad.
This morning my antivirus sees trojans but cannot get rid of them.
Could you please help me?

Best regards.
HijackThis log attached

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:39, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Anti-pub\presqueok.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {af175403-d8e0-4b81-8008-d6d8237a0b79} - C:\WINDOWS\system32\yosohede.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [kafejatoso] Rundll32.exe "C:\WINDOWS\system32\zosiyaba.dll",s
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [kafejatoso] Rundll32.exe "C:\WINDOWS\system32\zosiyaba.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Meta - res://C:\WINDOWS\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - AppInit_DLLs: C:\WINDOWS\system32\disesobe.dll c:\windows\system32\wavowibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wavowibi.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wavowibi.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6647 bytes


2 January 2009 18:11:45

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may change
2 January 2009 19:15:02

Hello again Angeldark, and thank you for your help.
Below is the report obtained

    ComboFix 09-01-01.02 - PC Famille 2009-01-02 18:57:15.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.669 [GMT 1:00]
    Lancé depuis: c:\documents and settings\PC Famille\Bureau\ComboFix.exe
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\windows\system32\disesobe.dll


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\PC Famille\Application Data\inst.exe
    c:\documents and settings\PC Famille\Menu Démarrer\Programmes\Spyware-Secure
    c:\documents and settings\PC Famille\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
    c:\windows\system32\_000111_.tmp.dll
    c:\windows\system32\disesobe.dll.vir
    c:\windows\system32\idadafog.ini
    c:\windows\system32\ohunotep.ini
    c:\windows\system32\yosohede.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-02 12:47 . 2009-01-02 12:50 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-02 12:40 . 2009-01-02 12:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg7
    2009-01-01 23:19 . 2009-01-02 18:52 <REP> d-------- C:\Anti-pub
    2009-01-01 18:04 . 2009-01-01 18:05 <REP> d-------- c:\windows\Drivers
    2009-01-01 18:04 . 2009-01-01 18:04 <REP> d-------- c:\program files\Come2PlayK2P
    2009-01-01 18:04 . 2009-01-01 18:04 <REP> d-------- c:\program files\BitTorrent Fastest Tool
    2009-01-01 18:04 . 2008-12-21 16:51 81,920 --a------ c:\windows\system32\appverimp.dll
    2008-12-31 15:58 . 2008-12-31 15:58 <REP> d-------- c:\program files\LG Electronics
    2008-12-31 15:58 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
    2008-12-31 15:58 . 2007-07-11 15:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
    2008-12-31 15:58 . 2007-07-11 10:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
    2008-12-31 15:37 . 2008-12-31 15:41 <REP> d-------- c:\documents and settings\All Users\Application Data\LGMOBILEAX
    2008-12-31 15:37 . 2006-05-04 08:33 53,248 --a------ c:\windows\system32\CommonDL.dll
    2008-12-31 15:37 . 2008-12-31 15:38 2,412 --a------ c:\windows\system32\lgAxconfig.ini
    2008-12-29 11:22 . 2008-12-29 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\aHisoft
    2008-12-29 10:54 . 2008-12-29 10:54 <REP> d-------- c:\program files\MyFree Codec
    2008-12-25 20:25 . 2009-01-02 15:36 <REP> d--h----- C:\LG3G
    2008-12-25 20:11 . 2008-12-25 20:11 <REP> d-------- c:\documents and settings\PC Famille\Application Data\LG Electronics
    2008-12-21 22:14 . 2008-12-21 22:13 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-16 21:45 . 2008-12-16 21:45 <REP> d-------- c:\documents and settings\PC Famille\Application Data\OpenOffice.org
    2008-12-16 21:38 . 2008-12-16 21:38 <REP> d-------- c:\program files\OpenOffice.org 3
    2008-12-16 21:38 . 2008-12-16 21:38 <REP> d-------- c:\program files\JRE
    2008-12-15 11:50 . 2008-12-15 11:50 <REP> d-------- c:\program files\PDFCreator Toolbar
    2008-12-15 11:50 . 2008-12-15 11:50 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_5640.exe
    2008-12-15 11:49 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
    2008-12-15 11:49 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
    2008-12-15 11:49 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
    2008-12-15 11:01 . 2008-12-15 11:25 <REP> d-------- c:\documents and settings\PC Famille\Application Data\DeepBurner
    2008-12-15 10:14 . 2008-12-15 10:14 <REP> d-------- c:\documents and settings\PC Famille\Application Data\Canneverbe_Limited
    2008-12-12 23:56 . 2008-12-26 13:50 57,964 --ah----- c:\windows\system32\mlfcache.dat
    2008-12-07 19:22 . 2008-12-07 19:22 <REP> d-------- c:\program files\MEDIADICO
    2008-12-06 12:00 . 2008-12-06 12:00 <REP> d-------- c:\program files\Avira
    2008-12-03 15:12 . 2008-12-03 15:12 <REP> d-------- c:\program files\iPod
    2008-12-03 15:12 . 2008-12-03 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-03 14:51 . 2008-12-03 15:07 <REP> d-------- c:\program files\QuickTime
    2008-12-03 14:49 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-02 11:38 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
    2008-12-31 14:57 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-29 09:39 --------- d-----w c:\program files\Samsung
    2008-12-28 17:57 --------- d-----w c:\documents and settings\PC Famille\Application Data\Apple Computer
    2008-12-28 11:42 --------- d-----w c:\documents and settings\PC Famille\Application Data\BitTorrent
    2008-12-25 19:08 --------- d-----w c:\program files\DivX
    2008-12-21 21:13 --------- d-----w c:\program files\Java
    2008-12-06 11:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2008-12-03 14:12 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-03 14:11 --------- d-----w c:\program files\Bonjour
    2008-12-03 13:40 --------- d-----w c:\program files\Safari
    2008-11-29 14:11 --------- d-----w c:\program files\PowerArchiver
    2008-11-22 15:04 --------- d-----w c:\program files\P2P_Torrent
    2008-11-16 17:56 --------- d-----w c:\documents and settings\PC Famille\Application Data\FileZilla
    2008-11-12 11:16 --------- d-----w c:\program files\Google
    2008-04-15 15:57 777 ----a-w c:\documents and settings\PC Famille\Application Data\waver_2.95.dat
    2007-05-12 19:49 87,608 -c----w c:\documents and settings\PC Famille\Application Data\ezpinst.exe
    2007-05-12 19:49 47,360 -c----w c:\documents and settings\PC Famille\Application Data\pcouffin.sys
    2008-10-01 13:13 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-10-01 13:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-10-01 13:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-10-01 13:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-10-01 13:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
    2008-11-22 16:05 1784856 --a------ c:\program files\P2P_Torrent\tbP2P1.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2008-11-22 1784856]

    [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="d:\program files\CCleaner\ccleaner.exe" [2008-12-01 1406192]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "!AVG Anti-Spyware"="d:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\disesobe.dll c:\windows\system32\wavowibi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PHOTOfunSTUDIO -viewer-.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PHOTOfunSTUDIO -viewer-.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-13 10:53 2356088 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    --a------ 2007-10-11 07:45 31232 c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a------ 2008-10-26 18:17 289088 c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxSys]
    --a------ 2008-12-21 16:52 180224 c:\windows\Drivers\IgfxSys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 d:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
    --a------ 2006-09-19 08:07 827392 c:\windows\vsnpstd3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-21 22:13 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    --a------ 2008-09-26 14:50 206184 e:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "d:\\Program Files\\adslTV\\adslTV.exe"=
    "d:\\Program Files\\adslTV\\vlc.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "e:\\jeux\\Atari\\nwn2\\nwn2main.exe"=
    "e:\\jeux\\Atari\\nwn2\\nwn2main_amdxp.exe"=
    "e:\\jeux\\Atari\\nwn2\\nwupdate.exe"=
    "e:\\jeux\\Atari\\nwn2\\nwn2server.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\adslTV\\adsltv.exe"=
    "c:\\Program Files\\adslTV\\vlc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Pierre\\VeohClient.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "d:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=

    R3 OEMFVNETusb(505 2958)(R);OEM FVNETusb(505 2958)(R) Service for 802.11b Pen Size Wireless USB Adapter;c:\windows\system32\DRIVERS\vnet558x.sys [2003-04-17 98176]
    S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2008-04-17 18848]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys []
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2007-12-30 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2007-12-30 85696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0784c50b-3555-11dc-b716-0040f4ab4b04}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{C72763B5-6B5B-4EFA-B5CB-E491F501B712}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{af175403-d8e0-4b81-8008-d6d8237a0b79} - c:\windows\system32\yosohede.dll
    WebBrowser-{B8A5B62C-517F-42A5-85AE-29B5497FB15F} - (no file)
    HKLM-Run-kafejatoso - c:\windows\system32\zosiyaba.dll
    MSConfigStartUp-CPM0f19927c - c:\windows\system32\hajajepo.dll
    MSConfigStartUp-kafejatoso - c:\windows\system32\zosiyaba.dll
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Search Using Copernic Meta - c:\windows\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 19:02:21
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\muweb.dll 208744 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1220945662-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
    "??"=hex:a0,c2,87,2b,18,b0,fc,51,5b,0f,ab,1f,99,9e,66,f4

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    d:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    d:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\PSIService.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-02 19:09:40 - La machine a redémarré [PC Famille]
    ComboFix-quarantined-files.txt 2009-01-02 18:09:38

    Avant-CF: 1,515,565,056 octets libres
    Après-CF: 1,473,904,640 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /usepmtimer /NoExecute=OptOut

    279 --- E O F --- 2008-12-18 21:23:58
3 January 2009 18:17:55

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM