TR\vundo.BY help

28 November 2008 21:08:11

Hello everyone

It's been 3 days of misery, I can't get rid
of this trojan (TR\vundo.BY),
Avira alerts one after another...
I hope someone will be able to help me, thanks in advance, Carl
Here is my Hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:21, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [zihagarepo] Rundll32.exe "C:\WINDOWS\system32\noyapavi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.orange.fr
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carlinch1.spaces.live.com/PhotoUpload/MsnPUpld.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: C:\WINDOWS\system32\wogibodi.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6665 bytes


29 November 2008 11:36:52

Hello everyone
Is there really no one to give me a hand?
Thanks, Carl
29 November 2008 12:09:41

Hello,

Patience!

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    29 November 2008 19:45:31

    Good evening Angeldark

    Sorry for being impatient, I was starting to despair, and on top of that it's a real struggle to connect to the internet, anyway..
    Thanks a lot in any case
    Here is my Combo report:

    ComboFix 08-11-28.03 - Administrateur 2008-11-29 19:18:18.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.611 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\inst.exe
    c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    c:\windows\system32\bkadjwhr.dll
    c:\windows\system32\cdtkoqby.dll
    c:\windows\system32\goxfpp.dll
    c:\windows\system32\hpodalgu.ini
    c:\windows\system32\jkkLfCsQ.dll
    c:\windows\system32\jwhzvk.dll
    c:\windows\system32\mafuveyi.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mrwovtin.dll
    c:\windows\system32\nkayfs.dll
    c:\windows\system32\nrjnjteb.dll
    c:\windows\system32\QsCfLkkj.ini
    c:\windows\system32\QsCfLkkj.ini2
    c:\windows\system32\ugladoph.dll
    c:\windows\system32\uyavyryw.dll
    c:\windows\system32\wamurspo.dll
    c:\windows\system32\wyryvayu.ini
    c:\windows\system32\xwpxvink.dll
    c:\windows\system32\ykeowv.dll
    c:\windows\system32\ylcela.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-28 20:24 . 2008-11-28 20:27 <REP> d-------- c:\documents and settings\L2MFIX
    2008-11-28 20:24 . 2008-11-28 20:24 0 --a------ c:\windows\system32\lo2.txtt
    2008-11-28 20:20 . 2008-11-28 20:20 <REP> d-------- c:\program files\l2mfix
    2008-11-28 20:14 . 2008-11-28 20:14 <REP> d-------- c:\program files\CleanUp!
    2008-11-28 20:03 . 2008-11-28 20:03 <REP> d-------- c:\windows\system32\bfubackups
    2008-11-28 19:58 . 2008-11-29 12:13 <REP> d-------- C:\BFU
    2008-11-28 16:27 . 2008-11-28 18:06 <REP> d-------- C:\!KillBox
    2008-11-27 20:26 . 2008-11-29 18:48 <REP> d-------- C:\Bases
    2008-11-25 18:49 . 2008-11-25 18:49 <REP> d-------- C:\VundoFix Backups
    2008-11-24 19:48 . 2008-11-24 19:48 <REP> d-------- c:\program files\Defenza
    2008-11-24 19:48 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
    2008-11-24 19:48 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
    2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\system32\118290.54
    2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\118294.78
    2008-11-24 19:48 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
    2008-11-24 19:04 . 2008-11-24 19:05 <REP> d-------- c:\program files\CDex_170b2
    2008-11-23 00:17 . 2008-11-23 00:17 325 --a------ c:\windows\MusicStudio.INI
    2008-11-23 00:00 . 2008-11-24 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\MAGIX
    2008-11-23 00:00 . 2007-04-27 10:43 120,200 --a------ c:\windows\system32\DLLDEV32i.dll
    2008-11-22 23:59 . 2008-11-24 19:20 <REP> d-------- c:\windows\system32\MAGIX
    2008-11-22 23:59 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
    2008-11-22 23:59 . 2008-11-23 00:01 5,937 --a------ c:\windows\mgxoschk.ini
    2008-11-22 08:37 . 2008-11-22 21:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
    2008-11-22 08:31 . 2008-11-22 09:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
    2008-11-22 08:30 . 2008-11-22 08:30 <REP> d-------- c:\program files\VideoLAN
    2008-11-16 19:57 . 2008-11-16 19:58 <REP> d-------- c:\windows\system32\Adobe
    2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl\Mes documents
    2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl
    2008-11-13 19:40 . 2008-11-13 19:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
    2008-11-12 18:02 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 17:57 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-08 09:26 . 2008-11-08 09:28 <REP> d-------- c:\program files\Yahoo!
    2008-11-01 20:56 . 2008-11-01 20:56 <REP> d-------- c:\program files\Canal
    2008-11-01 20:53 . 2008-11-01 20:53 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-29 10:59 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-29 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-28 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-11-28 18:55 --------- d-----w c:\program files\eMule
    2008-11-24 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-24 18:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-11-17 18:31 --------- d-----w c:\program files\Google
    2008-11-13 17:53 --------- d-----w c:\program files\ma-config.com
    2008-11-13 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2008-11-02 10:55 --------- d-----w c:\program files\SuperCopier2
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-17 15:20 --------- d-----w c:\program files\Native Instruments
    2008-10-17 15:20 --------- d-----w c:\program files\Fichiers communs\Digidesign
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-04 13:00 --------- d-----w c:\program files\CDBurnerXP
    2008-10-04 13:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
    2008-10-04 12:59 --------- d-----w c:\program files\CDBurnerXP Pro 3
    2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
    2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-02-14 09:14 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
    2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
    2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
    2004-08-05 09:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
    1995-09-20 14:16 35,088 --sha-w c:\windows\system32\msjint32.dll
    1995-09-20 14:13 977,680 --sha-w c:\windows\system32\msjt3032.dll
    1995-09-20 14:16 23,824 --sha-w c:\windows\system32\msjter32.dll
    2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
    2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
    2001-08-24 00:47 253,952 --sha-w c:\windows\system32\msvcrt20.dll
    2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
    1995-09-24 09:02 243,472 --sha-w c:\windows\system32\vbar2232.dll
    1998-05-18 01:06 368,912 --sha-w c:\windows\system32\vbar332.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
    "LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-03-08 900096]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wogibodi.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
    path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
    backup=c:\windows\pss\Outil de notification Live Search.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-07-19 06:53 266497 c:\program files\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]
    --a------ 2008-10-23 15:12 103992 c:\program files\Canal\Canal Widget\Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
    --a------ 2003-05-08 15:34 69632 c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a------ 2004-02-04 14:33 294912 c:\program files\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
    --a------ 2006-12-15 10:47 1359872 c:\program files\Defenza\pcd-as.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    --a------ 2003-11-20 21:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    --a------ 2003-05-05 08:57 143360 c:\program files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    --------- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
    --a------ 2001-07-24 22:34 36864 c:\cpqs\scom\srmclean.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 17:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Bases\\kavupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Documents and Settings\\Administrateur\\Bureau\\procexp.exe"=
    "c:\\WINDOWS\\system32\\ping.exe"=
    "c:\\WINDOWS\\system32\\find.exe"=

    R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
    BHO-{9262af37-692f-4b20-8699-b27035a36e5f} - c:\windows\system32\mafuveyi.dll
    BHO-{D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)
    BHO-{EE704A19-F4AE-4415-9A34-AC739EE1118E} - c:\windows\system32\jkkLfCsQ.dll
    HKLM-Run-zihagarepo - c:\windows\system32\noyapavi.dll
    ShellExecuteHooks-{AFAF8314-45C9-4EC5-9317-A9C24E01D0AC} - c:\windows\system32\ssqNDvwW.dll
    Notify-imskdic32 - imskdic32.dll
    Notify-ssqNDvwW - ssqNDvwW.dll
    MSConfigStartUp-a8aca0ec - c:\windows\system32\uyavyryw.dll
    MSConfigStartUp-zihagarepo - c:\windows\system32\noyapavi.dll


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.canal-plus.com

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
    c:\windows\Downloaded Program Files\hardwaredetection.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 19:22:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Orange\Launcher\Launcher.exe
    c:\program files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    c:\program files\Orange\Connectivity\ConnectivityManager.exe
    c:\program files\Orange\Connectivity\corecom\CoreCom.exe
    c:\program files\Orange\Connectivity\corecom\OraConfigRecover.exe
    c:\program files\Fichiers communs\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-29 19:28:22 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-29 18:28:19

    Avant-CF: 43 943 329 792 octets libres
    Après-CF: 43,884,470,272 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    265 --- E O F --- 2008-11-16 19:21:19
    30 November 2008 19:21:09

    Post a new HijackThis report.
    30 November 2008 19:40:53

    The new report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:39:51, on 30/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://www.orange.fr
    O15 - Trusted Zone: *.canal-plus.com (HKLM)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carlinch1.spaces.live.com/PhotoUpload/MsnPUpld.c...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wogibodi.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7105 bytes

    1 December 2008 17:55:58

    Scan the following file at VirusTotal, then post the report:
    C:\WINDOWS\system32\wogibodi.dll
    1 December 2008 18:54:12

    Hi Angeldark

    So the file "C:\WINDOWS\system32\wogibodi.dll" cannot be found; however, I do have C:\WINDOWS\system32\wogibodi.VIR, so I scanned that one. Here is the report:


    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.12.2.0 2008.12.01 -
    AntiVir 7.9.0.36 2008.12.01 TR/Vundo.MY
    Authentium 5.1.0.4 2008.12.01 -
    Avast 4.8.1281.0 2008.12.01 -
    AVG 8.0.0.199 2008.12.01 Generic12.QGX
    BitDefender 7.2 2008.12.01 -
    CAT-QuickHeal 10.00 2008.12.01 -
    ClamAV 0.94.1 2008.12.01 -
    DrWeb 4.44.0.09170 2008.12.01 -
    eSafe 7.0.17.0 2008.11.30 Suspicious File
    eTrust-Vet 31.6.6234 2008.11.28 -
    Ewido 4.0 2008.12.01 -
    F-Prot 4.4.4.56 2008.12.01 -
    F-Secure 8.0.14332.0 2008.12.01 Trojan:W32/Vundo.BU
    Fortinet 3.117.0.0 2008.12.01 -
    GData 19 2008.12.01 -
    Ikarus T3.1.1.45.0 2008.12.01 -
    K7AntiVirus 7.10.539 2008.12.01 -
    Kaspersky 7.0.0.125 2008.12.01 -
    McAfee 5450 2008.11.30 -
    McAfee+Artemis 5450 2008.11.30 -
    Microsoft 1.4104 2008.12.01 Trojan:Win32/Vundo.JD.dll
    NOD32 3654 2008.12.01 a variant of Win32/Adware.Virtumonde.NDI
    Norman 5.80.02 2008.12.01 -
    Panda 9.0.0.4 2008.12.01 -
    PCTools 4.4.2.0 2008.12.01 -
    Prevx1 V2 2008.12.01 -
    Rising 21.06.02.00 2008.12.01 Trojan.Win32.VUNDO.bus
    SecureWeb-Gateway 6.7.6 2008.12.01 Trojan.Vundo.MY
    Sophos 4.36.0 2008.12.01 Troj/Virtum-Gen
    Sunbelt 3.1.1832.2 2008.12.01 -
    Symantec 10 2008.12.01 -
    TheHacker 6.3.1.1.169 2008.11.29 -
    TrendMicro 8.700.0.1004 2008.12.01 -
    VBA32 3.12.8.9 2008.12.01 -
    ViRobot 2008.12.1.1494 2008.12.01 -
    VirusBuster 4.5.11.0 2008.12.01 -
    Information additionnelle
    File size: 60416 bytes

    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x100010e7
    timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name viradd virsiz rawdsiz ntrpy md5
    text 0x1000 0x49f3 0x4a00 7.90 140559c7567a4de2487e77b71812642c
    .rdata 0x6000 0x2dbb 0x2e00 7.82 887077c51deecb5b1562f406895bf66a
    .data 0x9000 0x5fa3 0x6000 7.99 c6f0fb9657f075fd9aec96a93706e470
    .idata 0xf000 0x399 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
    .rsrc 0x10000 0x400 0x400 3.40 8f0949d8ab1f0156905e439a59cf8a00
    .reloc 0x11000 0xcfa4 0x800 0.89 a0ee42caf0f87e71e40548c75d25b102

    ( 4 imports )
    > user32.dll: ToAscii, EndPaint, EndDeferWindowPos, DestroyWindow, DestroyMenu, DestroyCursor, CreatePopupMenu, CreateDesktopW, CloseWindow
    > KERNEL32.dll: GetProcessHeap, HeapValidate, HeapDestroy, GetACP, ExitProcess, EnterCriticalSection, TerminateProcess, WriteFile, SetStdHandle
    > advapi32.dll: RegOpenKeyExA, RegEnumValueA, RegCloseKey
    > comdlg32.dll: GetOpenFileNameW, GetFileTitleW

    ( 0 exports )

    2 December 2008 12:45:44

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\windows\system32\wogibodi.dll

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe, as in the image below:


    This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may differ
    2 December 2008 19:20:06

    Here is the ComboFix report:

    ComboFix 08-11-28.03 - Administrateur 2008-12-02 19:09:13.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.630 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\wogibodi.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-29 21:12 . 2008-11-29 21:12 <REP> d-------- c:\program files\MSXML 4.0
    2008-11-28 20:24 . 2008-11-28 20:27 <REP> d-------- c:\documents and settings\L2MFIX
    2008-11-28 20:24 . 2008-11-28 20:24 0 --a------ c:\windows\system32\lo2.txtt
    2008-11-28 20:20 . 2008-11-28 20:20 <REP> d-------- c:\program files\l2mfix
    2008-11-28 20:14 . 2008-11-28 20:14 <REP> d-------- c:\program files\CleanUp!
    2008-11-28 20:03 . 2008-11-28 20:03 <REP> d-------- c:\windows\system32\bfubackups
    2008-11-28 19:58 . 2008-11-29 12:13 <REP> d-------- C:\BFU
    2008-11-28 16:27 . 2008-11-28 18:06 <REP> d-------- C:\!KillBox
    2008-11-27 20:26 . 2008-11-29 18:48 <REP> d-------- C:\Bases
    2008-11-25 18:49 . 2008-11-25 18:49 <REP> d-------- C:\VundoFix Backups
    2008-11-24 19:48 . 2008-11-24 19:48 <REP> d-------- c:\program files\Defenza
    2008-11-24 19:48 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
    2008-11-24 19:48 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
    2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\system32\118290.54
    2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\118294.78
    2008-11-24 19:48 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
    2008-11-24 19:04 . 2008-11-24 19:05 <REP> d-------- c:\program files\CDex_170b2
    2008-11-23 00:17 . 2008-11-23 00:17 325 --a------ c:\windows\MusicStudio.INI
    2008-11-23 00:00 . 2008-11-24 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\MAGIX
    2008-11-23 00:00 . 2007-04-27 10:43 120,200 --a------ c:\windows\system32\DLLDEV32i.dll
    2008-11-22 23:59 . 2008-11-24 19:20 <REP> d-------- c:\windows\system32\MAGIX
    2008-11-22 23:59 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
    2008-11-22 23:59 . 2008-11-23 00:01 5,937 --a------ c:\windows\mgxoschk.ini
    2008-11-22 08:37 . 2008-11-22 21:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
    2008-11-22 08:31 . 2008-11-22 09:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
    2008-11-22 08:30 . 2008-11-22 08:30 <REP> d-------- c:\program files\VideoLAN
    2008-11-16 19:57 . 2008-11-16 19:58 <REP> d-------- c:\windows\system32\Adobe
    2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl\Mes documents
    2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl
    2008-11-13 19:40 . 2008-11-13 19:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
    2008-11-12 18:02 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 17:57 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-08 09:26 . 2008-11-08 09:28 <REP> d-------- c:\program files\Yahoo!

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-02 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-01 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-11-29 10:59 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-28 18:55 --------- d-----w c:\program files\eMule
    2008-11-24 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-24 18:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-11-17 18:31 --------- d-----w c:\program files\Google
    2008-11-13 17:53 --------- d-----w c:\program files\ma-config.com
    2008-11-13 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2008-11-02 10:55 --------- d-----w c:\program files\SuperCopier2
    2008-11-01 19:56 --------- d-----w c:\program files\Canal
    2008-11-01 19:53 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-17 15:20 --------- d-----w c:\program files\Native Instruments
    2008-10-17 15:20 --------- d-----w c:\program files\Fichiers communs\Digidesign
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-04 13:00 --------- d-----w c:\program files\CDBurnerXP
    2008-10-04 13:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
    2008-10-04 12:59 --------- d-----w c:\program files\CDBurnerXP Pro 3
    2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
    2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-02-14 09:14 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
    2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
    2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
    2004-08-05 09:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
    1995-09-20 14:16 35,088 --sha-w c:\windows\system32\msjint32.dll
    1995-09-20 14:13 977,680 --sha-w c:\windows\system32\msjt3032.dll
    1995-09-20 14:16 23,824 --sha-w c:\windows\system32\msjter32.dll
    2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
    2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
    2001-08-24 00:47 253,952 --sha-w c:\windows\system32\msvcrt20.dll
    2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
    1995-09-24 09:02 243,472 --sha-w c:\windows\system32\vbar2232.dll
    1998-05-18 01:06 368,912 --sha-w c:\windows\system32\vbar332.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-29_19.27.32.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-29 20:12:06 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    + 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
    "LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-03-08 900096]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\imskdic32]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNDvwW]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
    path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
    backup=c:\windows\pss\Outil de notification Live Search.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]
    --a------ 2008-10-23 15:12 103992 c:\program files\Canal\Canal Widget\Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
    --a------ 2003-05-08 15:34 69632 c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a------ 2004-02-04 14:33 294912 c:\program files\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
    --a------ 2006-12-15 10:47 1359872 c:\program files\Defenza\pcd-as.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    --a------ 2003-11-20 21:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    --a------ 2003-05-05 08:57 143360 c:\program files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    --------- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
    --a------ 2001-07-24 22:34 36864 c:\cpqs\scom\srmclean.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 17:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Bases\\kavupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Documents and Settings\\Administrateur\\Bureau\\procexp.exe"=
    "c:\\WINDOWS\\system32\\ping.exe"=
    "c:\\WINDOWS\\system32\\find.exe"=

    R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
    BHO-{9262af37-692f-4b20-8699-b27035a36e5f} - (no file)
    BHO-{D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-02 19:11:08
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-02 19:12:24
    ComboFix-quarantined-files.txt 2008-12-02 18:12:03
    ComboFix2.txt 2008-12-02 17:58:38
    ComboFix3.txt 2008-11-29 18:28:24

    Avant-CF: 44 226 715 648 octets libres
    Après-CF: 44,215,767,040 octets libres

    207 --- E O F --- 2008-11-29 20:12:07
    2 December 2008 19:21:32

    ....And here is the Hijack report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:16:45, on 02/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: (no name) - {6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9262af37-692f-4b20-8699-b27035a36e5f} - (no file)
    O2 - BHO: (no name) - {D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://www.orange.fr
    O15 - Trusted Zone: *.canal-plus.com (HKLM)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carlinch1.spaces.live.com/PhotoUpload/MsnPUpld.c...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - Winlogon Notify: imskdic32 - C:\WINDOWS\
    O20 - Winlogon Notify: ssqNDvwW - C:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6678 bytes
    3 December 2008 12:41:53

    Re,

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    O2 - BHO: (no name) - {6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9262af37-692f-4b20-8699-b27035a36e5f} - (no file)
    O2 - BHO: (no name) - {D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)
    O20 - Winlogon Notify: imskdic32 - C:\WINDOWS\
    O20 - Winlogon Notify: ssqNDvwW - C:\WINDOWS\
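
The kinds of entries cleaned up in this thread (BHOs whose file is missing, a populated AppInit_DLLs value, Winlogon Notify keys that point at a bare directory) can be picked out of a HijackThis log mechanically. The script below is an added example, not part of the original posts or of HijackThis itself; the three rules and the names `triage` and `Finding` are assumptions drawn from what was fixed here, and the sample lines are copied from the logs posted above.

```python
import re
from typing import List, NamedTuple

# Entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wogibodi.dll
O20 - Winlogon Notify: imskdic32 - C:\WINDOWS\
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why the entry deserves a closer look
    line: str     # entry text as it appears after the section code


# A log entry is "<letter><1-2 digits> - <body>"; headers and the
# running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def triage(log_text: str) -> List[Finding]:
    """Return the entries matching the three (assumed) review rules."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue
        section, body = match.groups()
        kind, _, value = body.partition(":")
        value = value.strip()
        # The file (or "(no file)") is the last " - " separated field.
        target = body.rsplit(" - ", 1)[-1].strip()

        if section == "O2" and kind == "BHO" and target == "(no file)":
            findings.append(Finding(
                section, "BHO is registered but its file is missing", body))
        elif section == "O20" and kind == "AppInit_DLLs" and value:
            # DLLs named in AppInit_DLLs are loaded into every process
            # that loads user32.dll, so any value here needs verifying.
            findings.append(Finding(
                section, "AppInit_DLLs is set; verify the listed DLL", body))
        elif section == "O20" and kind == "Winlogon Notify" and (
                target == "(no file)" or target.endswith("\\")):
            findings.append(Finding(
                section, "Winlogon Notify key names no DLL file", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}: {finding.line}")
```

A match only marks an entry for review: the file behind it still has to be identified, as was done here with the VirusTotal scan, before anything is fixed.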
    3 December 2008 18:40:46

    Hi
    There, it's done
    Already I no longer get any alert messages (antivirus & Spybot) and no more unwanted ad pages

    I await your news
    Thanks, Carl
    4 December 2008 16:56:39

    I think it's OK.
    5 December 2008 13:58:49

    Well, thank you Angeldark
    Long live Info du Net
    Should I mark it as Resolved?
    5 December 2008 16:12:00

    Yep, that's better :)