
Yet another virus... blocking Windows Update

Anonymous
26 May 2008 22:39:34

Good day or good evening, everyone.
To sum up: I was infected by a virus whose particular feature was to display "virus alert" in the taskbar, hide the C: drive in Explorer, prevent me from using Ctrl+Alt+Del, etc. etc. etc.
A good number of the problems are solved!
However:
Windows Update no longer works and Internet Explorer has become completely messed up, which apparently goes hand in hand. Can anyone help me???


Anonymous
26 May 2008 22:44:37

SmitFraudFix v2.322

Rapport fait à 22:44:30.61, 2008-05-26
Executé à partir de C:\Documents and Settings\Sam et Béné\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\V0250Mon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam et Béné\Bureau\spybotsd152.exe
C:\DOCUME~1\SAMETB~1\LOCALS~1\Temp\is-KCLON.tmp\spybotsd152.tmp
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sam et Béné


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sam et Béné\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SAMETB~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F76F2D27-177D-47DD-A2BA-DA44E49AE79B}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F76F2D27-177D-47DD-A2BA-DA44E49AE79B}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F76F2D27-177D-47DD-A2BA-DA44E49AE79B}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Anonymous
26 May 2008 22:47:42

I have also just launched Spybot, out of desperation.
Anonymous
27 May 2008 08:29:17

Spybot keeps flagging things to me, it's a complete M...SS !!!
a b 8 Security
27 May 2008 12:32:34

Hello,

A little patience? Do you know what patience is?

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    Anonymous
    27 May 2008 13:09:50

    Thank you very much for your availability. I'm sorry to rush you, but you must know how it is: I'm in full empathy with my computer when it breaks down.
    Besides, I notice that Spybot doesn't do much other than create problems. Moreover, Windows gives me an error at startup telling me that it can no longer find a DLL whose name I can't remember.
    I'm at the office, I'll tell you this evening.
    Thanks again
    Anonymous
    27 May 2008 18:40:52

    And here it is

    Malwarebytes' Anti-Malware 1.12
    Database version: 790

    Scan type: Quick Scan
    Objects scanned: 38273
    Time elapsed: 16 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c413c01-87db-443a-a639-b27f338c8d26} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6c413c01-87db-443a-a639-b27f338c8d26} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4ee62603-9bb7-462b-8a8d-e9f4bf11be49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ee62603-9bb7-462b-8a8d-e9f4bf11be49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\rqRIbbxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wxbbIRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wxbbIRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\boqnrwdmvdr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

    Anonymous
    27 May 2008 18:42:51

    Note: no more Windows Update, and no more firewall either.
    Anonymous
    27 May 2008 19:20:15

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19, on 2008-05-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\V0250Mon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\DELLSU~1\DSBrws.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [e4a16f3a] rundll32.exe "C:\WINDOWS\system32\vqvbeysg.dll",b
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9572 bytes
    a b 8 Security
    27 May 2008 19:49:27

    Re,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    Anonymous
    27 May 2008 23:13:53

    Already done, nothing changed.
    a b 8 Security
    28 May 2008 12:58:39

    And the report? ...
    Anonymous
    28 May 2008 14:08:47

    This evening, like yesterday.
    a b 8 Security
    28 May 2008 14:20:51

    Oki :)
    29 May 2008 19:37:06

    It's me. I had to log in again, I had forgotten to validate my account. So here is the ComboFix report:

    ComboFix 08-05-25.5 - Administrateur 2008-05-29 19:01:40.3 - NTFSx86 MINIMAL
    Endroit: C:\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\eKjmlUvw.ini
    C:\WINDOWS\system32\eKjmlUvw.ini2
    C:\WINDOWS\system32\gsyebvqv.ini
    C:\WINDOWS\system32\nnnnNHaA.dll
    C:\WINDOWS\system32\NoYcIkkj.ini
    C:\WINDOWS\system32\NoYcIkkj.ini2
    C:\WINDOWS\system32\qtcbsnyw.ini
    C:\WINDOWS\system32\xFfMmUvw.ini
    C:\WINDOWS\system32\xFfMmUvw.ini2
    C:\WINDOWS\system32\yrnwvoye.ini
    C:\WINDOWS\system32\ytmgxkpi.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-29 18:38 . 2008-05-29 18:38 95,232 --a------ C:\WINDOWS\system32\wynsbctq.dll
    2008-05-28 18:39 . 2008-05-28 18:39 95,744 --a------ C:\WINDOWS\system32\ipkxgmty.dll
    2008-05-27 18:38 . 2008-05-27 18:38 94,208 --a------ C:\WINDOWS\system32\vqvbeysg.dll
    2008-05-27 18:35 . 2008-05-27 18:35 322,944 --a------ C:\WINDOWS\system32\jkkIcYoN.dll
    2008-05-27 17:57 . 2008-05-27 17:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-05-27 17:47 . 2008-05-27 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-05-27 17:42 . 2008-05-27 17:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-27 17:42 . 2008-05-27 17:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-27 17:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-27 17:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-26 22:45 . 2008-05-26 23:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-26 22:45 . 2008-05-26 23:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-26 18:39 . 2008-05-26 18:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-26 17:59 . 2008-05-26 17:59 <REP> d-------- C:\smit
    2008-05-26 12:36 . 2008-05-26 12:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
    2008-05-26 00:29 . 2008-05-26 00:29 155 --a------ C:\345543.bat
    2008-05-25 23:39 . 2008-05-26 22:44 3,726 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-25 23:38 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-05-25 23:38 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-05-25 23:38 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-05-25 23:38 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-05-25 23:38 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-25 23:38 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-25 23:38 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-05-25 23:38 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-05-25 22:55 . 2008-05-25 22:55 <REP> d-------- C:\Program Files\Windows Defender
    2008-05-25 21:16 . 2008-05-25 23:41 <REP> d-------- C:\Program Files\Yahoo!
    2008-05-25 20:24 . 2008-05-25 20:24 148 --a------ C:\WINDOWS\MAPSCANW.INI
    2008-05-25 19:12 . 2008-05-25 19:13 <REP> d-------- C:\MSW
    2008-05-25 18:29 . 2008-05-26 21:58 <REP> dr-h----- C:\$VAULT$.AVG
    2008-05-25 18:29 . 2008-05-25 18:29 29,312 --a------ C:\WINDOWS\system32\vtUonnkh.dll
    2008-05-25 18:28 . 2008-05-25 15:15 94,208 --a------ C:\WINDOWS\etkq.exe
    2008-05-25 17:38 . 2008-05-25 17:38 <REP> d-------- C:\flexlm
    2008-05-24 11:05 . 2008-05-25 18:32 <REP> d-------- C:\Program Files\Raster Design 2008
    2008-05-20 19:02 . 2008-05-20 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-05-20 18:44 . 2008-05-24 00:44 <REP> d-------- C:\Program Files\Raster Design 2007
    2008-05-15 21:28 . 2008-05-15 21:28 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-15 21:04 . 2008-05-15 21:04 <REP> d-------- C:\Program Files\Consistent Software
    2008-05-08 12:59 . 2008-05-09 00:22 <REP> d-------- C:\Program Files\IKEA HomePlanner
    2008-05-08 12:59 . 2008-05-08 12:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-01 17:49 . 2008-05-01 17:49 <REP> d-------- C:\Program Files\Veoh Networks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 05:06 --------- d-----w C:\Program Files\eMule
    2008-05-26 17:10 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-05-26 16:56 1,955,622 ----a-w C:\ComboFix.exe
    2008-05-26 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-26 16:36 --------- d-----w C:\Program Files\Roxio
    2008-05-26 16:36 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2008-05-26 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-26 16:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-05-25 17:11 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
    2008-05-25 17:11 --------- d-----w C:\Program Files\AutoCAD 2008
    2008-05-25 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-04-22 17:46 --------- d-----w C:\Program Files\iTunes
    2008-04-22 17:46 --------- d-----w C:\Program Files\iPod
    2008-04-22 17:45 --------- d-----w C:\Program Files\QuickTime
    2008-04-22 17:38 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-20 14:31 --------- d-----w C:\Program Files\AutoCAD LT 2008
    2008-03-28 17:20 --------- d-----w C:\Program Files\Sprite Software
    2008-03-28 17:00 --------- d-----w C:\Program Files\Ressources Windows Mobile
    2007-07-22 19:24 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
    2002-06-18 14:31 246 ----a-w C:\Program Files\readme_xp.txt
    2002-06-18 14:27 56 ----a-w C:\Program Files\install_xp.bat
    1999-02-12 09:44 169,606 ----a-w C:\Program Files\gorgytim.sc_
    1998-12-02 06:40 342,592 ----a-w C:\Program Files\ledi.exe
    2007-11-14 16:41 168 --sh--r C:\WINDOWS\system32\B50A7B01E9.sys
    2007-11-14 16:42 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A18E0AB-87C3-4BE0-BA84-EDCA27F06851}]
    C:\WINDOWS\system32\wvUmMfFx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48F0B738-34A6-4113-B966-33C4EF85BCD9}]
    2008-05-25 18:29 29312 --a------ C:\WINDOWS\system32\vtUonnkh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B39613B-4B3D-4B0F-8BD5-07C2F4897B73}]
    2008-05-27 18:35 322944 --a------ C:\WINDOWS\system32\jkkIcYoN.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF2F1B0B-3A67-4874-985B-F566B7FE25DA}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA8CFEC-3A91-4E29-B177-C598AB5DF0A8}]
    C:\WINDOWS\system32\wvUlmjKe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D300EE24-4A3E-4C5F-914D-800EF8387402}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29 389120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:06 219136]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{48F0B738-34A6-4113-B966-33C4EF85BCD9}"= C:\WINDOWS\system32\vtUonnkh.dll [2008-05-25 18:29 29312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonnkh]
    vtUonnkh.dll 2008-05-25 18:29 29312 C:\WINDOWS\system32\vtUonnkh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "vidc.yv12"= yv12vfw.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule
    "4672:TCP"= 4672:TCP:EMULE udp

    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 14:00]
    S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 05:25]
    S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 10:24]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-29 05:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-29 17:15:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 19:13:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\vtUonnkh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-29 19:19:17 - machine was rebooted [Administrateur]
    ComboFix-quarantined-files.txt 2008-05-29 17:19:08

    Pre-Run: 12,020,342,784 octets libres
    Post-Run: 12,009,390,080 octets libres

    190 --- E O F --- 2008-05-17 11:35:31
    29 May 2008 19:38:16

    My wife says, "It's the same one again, ask him for his address so we can send him flowers," and she's quite right.
    29 May 2008 19:51:38

    Spybot keeps asking me questions; what should I answer?
    Registry item e4a16f3a, does that ring a bell?
    30 May 2008 21:29:43

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\wynsbctq.dll
    C:\WINDOWS\system32\ipkxgmty.dll
    C:\WINDOWS\system32\vqvbeysg.dll
    C:\WINDOWS\system32\jkkIcYoN.dll
    C:\WINDOWS\system32\vtUonnkh.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A18E0AB-87C3-4BE0-BA84-EDCA27F06851}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48F0B738-34A6-4113-B966-33C4EF85BCD9}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B39613B-4B3D-4B0F-8BD5-07C2F4897B73}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF2F1B0B-3A67-4874-985B-F566B7FE25DA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA8CFEC-3A91-4E29-B177-C598AB5DF0A8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D300EE24-4A3E-4C5F-914D-800EF8387402}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{48F0B738-34A6-4113-B966-33C4EF85BCD9}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonnkh]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    30 May 2008 23:02:44

    It works! What a relief! Should I keep Spybot?

    ComboFix 08-05-25.5 - Administrateur 2008-05-30 22:35:46.4 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1752 [GMT 2:00]
    Endroit: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\ipkxgmty.dll
    C:\WINDOWS\system32\jkkIcYoN.dll
    C:\WINDOWS\system32\vqvbeysg.dll
    C:\WINDOWS\system32\vtUonnkh.dll
    C:\WINDOWS\system32\wynsbctq.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ipkxgmty.dll
    C:\WINDOWS\system32\jkkIcYoN.dll
    C:\WINDOWS\system32\NoYcIkkj.ini
    C:\WINDOWS\system32\NoYcIkkj.ini2
    C:\WINDOWS\system32\qkbqbqaq.ini
    C:\WINDOWS\system32\vqvbeysg.dll
    C:\WINDOWS\system32\vtUonnkh.dll
    C:\WINDOWS\system32\wynsbctq.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-30 19:29 . 2008-05-30 19:29 95,744 --a------ C:\WINDOWS\system32\yrgqhmmd.dll
    2008-05-30 19:29 . 2008-05-30 19:30 354 ---hs---- C:\WINDOWS\system32\dmmhqgry.ini
    2008-05-29 19:26 . 2008-05-29 19:26 <REP> d-------- C:\WINDOWS\LastGood
    2008-05-29 19:19 . 2008-05-29 19:19 <REP> d-------- C:\Documents and Settings\Sam et Béné
    2008-05-29 19:19 . <REP> C:\Documents and Settings\Sam et Béné\Local Settings
    2008-05-29 19:19 . <REP> C:\Documents and Settings\Sam et Béné\Local Settings
    2008-05-27 17:57 . 2008-05-27 17:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-05-27 17:47 . 2008-05-27 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-05-27 17:42 . 2008-05-27 17:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-27 17:42 . 2008-05-27 17:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-27 17:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-27 17:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-26 22:45 . 2008-05-26 23:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-26 22:45 . 2008-05-26 23:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-26 18:39 . 2008-05-26 18:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-26 17:59 . 2008-05-26 17:59 <REP> d-------- C:\smit
    2008-05-26 12:36 . 2008-05-26 12:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
    2008-05-26 00:29 . 2008-05-26 00:29 155 --a------ C:\345543.bat
    2008-05-25 23:39 . 2008-05-26 22:44 3,726 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-25 23:38 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-05-25 23:38 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-05-25 23:38 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-05-25 23:38 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-05-25 23:38 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-25 23:38 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-25 23:38 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-05-25 23:38 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-05-25 22:55 . 2008-05-25 22:55 <REP> d-------- C:\Program Files\Windows Defender
    2008-05-25 21:16 . 2008-05-25 23:41 <REP> d-------- C:\Program Files\Yahoo!
    2008-05-25 20:24 . 2008-05-25 20:24 148 --a------ C:\WINDOWS\MAPSCANW.INI
    2008-05-25 19:12 . 2008-05-25 19:13 <REP> d-------- C:\MSW
    2008-05-25 18:29 . 2008-05-26 21:58 <REP> dr-h----- C:\$VAULT$.AVG
    2008-05-25 18:28 . 2008-05-25 15:15 94,208 --a------ C:\WINDOWS\etkq.exe
    2008-05-25 17:38 . 2008-05-25 17:38 <REP> d-------- C:\flexlm
    2008-05-24 11:05 . 2008-05-25 18:32 <REP> d-------- C:\Program Files\Raster Design 2008
    2008-05-20 19:02 . 2008-05-20 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-05-20 18:44 . 2008-05-24 00:44 <REP> d-------- C:\Program Files\Raster Design 2007
    2008-05-15 21:28 . 2008-05-15 21:28 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-15 21:04 . 2008-05-15 21:04 <REP> d-------- C:\Program Files\Consistent Software
    2008-05-08 12:59 . 2008-05-09 00:22 <REP> d-------- C:\Program Files\IKEA HomePlanner
    2008-05-08 12:59 . 2008-05-08 12:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-01 17:49 . 2008-05-01 17:49 <REP> d-------- C:\Program Files\Veoh Networks
    2008-04-22 19:47 . 2008-05-28 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-22 19:47 . 2008-04-22 19:47 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-22 19:46 . 2008-04-22 19:46 <REP> d-------- C:\Program Files\iTunes
    2008-04-22 19:46 . 2008-04-22 19:46 <REP> d-------- C:\Program Files\iPod
    2008-04-22 19:44 . 2008-04-22 19:45 <REP> d-------- C:\Program Files\QuickTime
    2008-04-20 16:06 . 2008-05-25 19:11 <REP> d-------- C:\Program Files\AutoCAD 2008
    2008-04-06 18:33 . 2008-04-06 18:33 377,456 --a------ C:\WINDOWS\system32\ssgorgytim.scr
    2008-04-06 18:32 . 1998-12-02 08:40 342,592 --a------ C:\Program Files\ledi.exe
    2008-04-06 18:32 . 2002-06-18 16:27 56 --a------ C:\Program Files\install_xp.bat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 05:06 --------- d-----w C:\Program Files\eMule
    2008-05-26 17:10 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-05-26 16:56 1,955,622 ----a-w C:\ComboFix.exe
    2008-05-26 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-26 16:36 --------- d-----w C:\Program Files\Roxio
    2008-05-26 16:36 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2008-05-26 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-26 16:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-05-25 17:11 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
    2008-05-25 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-04-22 17:38 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-20 14:31 --------- d-----w C:\Program Files\AutoCAD LT 2008
    2008-03-28 17:20 --------- d-----w C:\Program Files\Sprite Software
    2008-03-28 17:00 --------- d-----w C:\Program Files\Ressources Windows Mobile
    2007-07-22 19:24 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
    2002-06-18 14:31 246 ----a-w C:\Program Files\readme_xp.txt
    1999-02-12 09:44 169,606 ----a-w C:\Program Files\gorgytim.sc_
    2007-11-14 16:41 168 --sh--r C:\WINDOWS\system32\B50A7B01E9.sys
    2007-11-14 16:42 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-29_19.18.33.90 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-29 17:11:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-30 20:45:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29 389120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:06 219136]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "vidc.yv12"= yv12vfw.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule
    "4672:TCP"= 4672:TCP:EMULE udp

    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 14:00]
    S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 05:25]
    S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 10:24]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-29 05:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-30 20:48:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-30 22:46:22
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-30 22:51:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-30 20:51:15
    ComboFix2.txt 2008-05-29 17:19:17

    Pre-Run: 12,012,310,528 octets libres
    Post-Run: 11,998,695,424 octets libres

    186 --- E O F --- 2008-05-29 17:27:32
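
An added example, not part of the original thread or of ComboFix: in the report above, NoYcIkkj.ini is jkkIcYoN.dll spelled backwards, and the created-files section lists another such pair dated 2008-05-30 19:29 (yrgqhmmd.dll / dmmhqgry.ini) that is not in the CFScript. The Python below flags reversed-name .dll/.ini pairs in pasted report lines; the function name and the pairing heuristic are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the two ComboFix sections above ("Autres suppressions"
# and "Fichiers créés"); the selection of lines is this example's own.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\ipkxgmty.dll
C:\WINDOWS\system32\jkkIcYoN.dll
C:\WINDOWS\system32\NoYcIkkj.ini
C:\WINDOWS\system32\NoYcIkkj.ini2
C:\WINDOWS\system32\qkbqbqaq.ini
C:\WINDOWS\system32\vqvbeysg.dll
2008-05-30 19:29 . 2008-05-30 19:29 95,744 --a------ C:\WINDOWS\system32\yrgqhmmd.dll
2008-05-30 19:29 . 2008-05-30 19:30 354 ---hs---- C:\WINDOWS\system32\dmmhqgry.ini
2008-05-27 17:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 23:39 . 2008-05-26 22:44 3,726 --a------ C:\WINDOWS\system32\tmp.reg
"""

# A Windows path running from the drive letter to the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")


def reversed_name_pairs(report_text):
    """Return [(dll_path, [ini_paths])] where the .ini/.ini2 stem is the
    .dll stem reversed and both files sit in the same directory."""
    dlls = defaultdict(dict)                        # dir -> {stem: path}
    inis = defaultdict(lambda: defaultdict(list))   # dir -> {stem: [paths]}
    for line in report_text.splitlines():
        match = PATH_RE.search(line.rstrip())
        if not match:
            continue
        path = match.group(0)
        directory, filename = ntpath.split(path)
        stem, ext = ntpath.splitext(filename)
        # Windows file names are case-insensitive, so compare lower-cased.
        key_dir, key_stem, ext = directory.lower(), stem.lower(), ext.lower()
        if ext == ".dll":
            dlls[key_dir][key_stem] = path
        elif ext in (".ini", ".ini2"):
            inis[key_dir][key_stem].append(path)

    pairs = []
    for key_dir, by_stem in dlls.items():
        for stem, dll_path in by_stem.items():
            mirror = stem[::-1]
            # A palindromic stem (abba.dll / abba.ini) is an ordinary
            # same-name companion file, not a reversed pair.
            if mirror != stem and mirror in inis[key_dir]:
                pairs.append((dll_path, sorted(inis[key_dir][mirror])))
    return sorted(pairs)


if __name__ == "__main__":
    for dll_path, ini_paths in reversed_name_pairs(SAMPLE_REPORT):
        print(dll_path, "<->", ", ".join(ini_paths))
```
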
    30 May 2008 23:04:29

    One problem remains, though: I still can't see my hard drives... That said, is my data safe?
    Can I log in to my bank, or is there a risk?
    30 May 2008 23:15:26

    XP Service Pack 3 update in progress!
    31 May 2008 12:06:27

    Post a new Hijackthis report :)
    31 May 2008 21:04:06

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:03, on 2008-05-31
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    c:\program files\avira\antivir personaledition classic\avcenter.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1A18E0AB-87C3-4BE0-BA84-EDCA27F06851} - (no file)
    O2 - BHO: (no name) - {48F0B738-34A6-4113-B966-33C4EF85BCD9} - (no file)
    O2 - BHO: (no name) - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {AF2F1B0B-3A67-4874-985B-F566B7FE25DA} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CDA8CFEC-3A91-4E29-B177-C598AB5DF0A8} - (no file)
    O2 - BHO: (no name) - {D300EE24-4A3E-4C5F-914D-800EF8387402} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 8453 bytes


    Switched antivirus to Avira. Is it just me, or does it seriously slow down web browsing?
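
An added example, not part of the original thread or of either tool: a check that the Browser Helper Object keys queued for deletion in the CFScript posted earlier are really absent from the follow-up HijackThis log. The function names are this example's own; the sample lines are copied from the two posts.

```python
import re

# Registry:: lines copied from the CFScript posted earlier in this thread.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A18E0AB-87C3-4BE0-BA84-EDCA27F06851}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48F0B738-34A6-4113-B966-33C4EF85BCD9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B39613B-4B3D-4B0F-8BD5-07C2F4897B73}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF2F1B0B-3A67-4874-985B-F566B7FE25DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA8CFEC-3A91-4E29-B177-C598AB5DF0A8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D300EE24-4A3E-4C5F-914D-800EF8387402}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonnkh]
"""

# O2 lines copied from the HijackThis log of 2008-05-31 above.
HIJACKTHIS_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A18E0AB-87C3-4BE0-BA84-EDCA27F06851} - (no file)
O2 - BHO: (no name) - {48F0B738-34A6-4113-B966-33C4EF85BCD9} - (no file)
O2 - BHO: (no name) - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AF2F1B0B-3A67-4874-985B-F566B7FE25DA} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CDA8CFEC-3A91-4E29-B177-C598AB5DF0A8} - (no file)
O2 - BHO: (no name) - {D300EE24-4A3E-4C5F-914D-800EF8387402} - (no file)
"""

CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# "[-<hive>\...\Browser Helper Objects\{CLSID}]" is a key-deletion directive.
DELETE_BHO_RE = re.compile(
    r"^\[-.+\\Browser Helper Objects\\(" + CLSID + r")\]$", re.IGNORECASE)
# "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (" + CLSID + r") - (.*)$")


def queued_bho_deletions(script_text):
    """CLSIDs of BHO keys the script asks to delete, in script order."""
    found = []
    for line in script_text.splitlines():
        match = DELETE_BHO_RE.match(line.strip())
        if match:
            found.append(match.group(1).upper())
    return found


def listed_bhos(log_text):
    """Map CLSID -> target file as reported on the log's O2 lines."""
    listed = {}
    for line in log_text.splitlines():
        match = O2_RE.match(line.strip())
        if match:
            listed[match.group(2).upper()] = match.group(3).strip()
    return listed


def check_bho_removals(script_text, log_text):
    """Split the queued CLSIDs into those still listed and those gone."""
    listed = listed_bhos(log_text)
    result = {"still_listed": [], "gone": []}
    for clsid in queued_bho_deletions(script_text):
        if clsid in listed:
            result["still_listed"].append((clsid, listed[clsid]))
        else:
            result["gone"].append(clsid)
    return result


if __name__ == "__main__":
    outcome = check_bho_removals(CFSCRIPT, HIJACKTHIS_LOG)
    for clsid, target in outcome["still_listed"]:
        print("still listed:", clsid, "->", target)
    for clsid in outcome["gone"]:
        print("gone:        ", clsid)
```

On the lines from this thread, six of the seven queued CLSIDs are still listed in the later log, each with `(no file)` as its target.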
    31 May 2008 22:30:22



    Avira AntiVir Personal
    Report file date: 2008-05-31 20:21

    Scanning for 1302528 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: SAMETBENE

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
    ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 18:17:51
    ANTIVIR3.VDF : 7.0.4.118 376832 Bytes 2008-05-30 18:17:52
    Engineversion : 8.1.0.51
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
    AESCRIPT.DLL : 8.1.0.37 270715 Bytes 2008-05-31 18:18:04
    AESCN.DLL : 8.1.0.20 119157 Bytes 2008-05-31 18:18:02
    AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-31 18:18:01
    AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-31 18:18:00
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-31 18:17:59
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-31 18:17:58
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-05-31 18:17:55
    AEGEN.DLL : 8.1.0.25 307573 Bytes 2008-05-31 18:17:55
    AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-31 18:17:54
    AECORE.DLL : 8.1.0.30 168311 Bytes 2008-05-31 18:17:53
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-05-31 20:21

    The scan of running processes will be started
    Scan process 'WgaTray.exe' - '0' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'PSIService.exe' - '1' Module(s) have been scanned
    Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
    Scan process 'ehRec.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    45 processes with 45 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '25' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\eMule\Incoming\Autodesk Autocad Raster Design v2008 Keygen Share Accelerator Updated-Fixed 09-2007.zip
    [0] Archive type: ZIP
    --> ShareAcceleratorMM_SS08.EXE
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.K.15
    [NOTE] The file was moved to '48b59f3a.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkkIcYoN.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '48aca341.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnNHaA.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '48afa34b.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vqvbeysg.dll.vir
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Agent.94208
    [NOTE] The file was moved to '48b7a352.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtUonnkh.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4896a359.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP496\A0062959.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.125952
    [NOTE] The file was moved to '4871a54f.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP496\A0062960.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.125952
    [NOTE] The file was moved to '4871a552.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP506\A0066928.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.VirusIsolator.L
    [NOTE] The file was moved to '4871a5ae.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP506\A0066953.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.nwq
    [NOTE] The file was moved to '4871a5b6.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP507\A0067144.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.VirusIsolator.L
    [NOTE] The file was moved to '4871a5ca.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0067152.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.VirusIsolator.L
    [NOTE] The file was moved to '4871a5d3.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0067183.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.VirusIsolator.L
    [NOTE] The file was moved to '4871a5dc.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068207.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.qpc
    [NOTE] The file was moved to '4871a5e0.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068208.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.qpc
    [NOTE] The file was moved to '4871a5e4.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068209.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.qpc
    [NOTE] The file was moved to '4871a5ed.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068210.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.qpc
    [NOTE] The file was moved to '490e9e7e.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068211.dll
    [DETECTION] Is the Trojan horse TR/Agent.qnj
    [NOTE] The file was moved to '4871a5ef.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068231.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.93
    [NOTE] The file was moved to '4871a5f0.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP508\A0068235.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.93
    [NOTE] The file was moved to '4871a5f2.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP518\A0069063.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '4871a61b.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP522\A0070158.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.93
    [NOTE] The file was moved to '4871a627.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP523\A0070170.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4871a628.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP523\A0070238.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4871a629.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP527\A0070558.dll
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Agent.94208
    [NOTE] The file was moved to '4871a636.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP527\A0070567.dll
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [NOTE] The file was moved to '490e9da7.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP527\A0070568.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4871a637.qua'!
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP536\A0074962.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.93
    [NOTE] The file was moved to '4871a6e6.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Sauvegarder>


    End of the scan: 2008-05-31 21:47
    Used time: 1:25:11 min

    The scan has been done completely.

    9222 Scanning directories
    742183 Files were scanned
    27 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    27 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    742156 Files not concerned
    5185 Archives were scanned
    3 Warnings
    27 Notes

    Eloquent, isn't it?
    1 June 2008 11:49:25

    Re,

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {1A18E0AB-87C3-4BE0-BA84-EDCA27F06851} - (no file)
    O2 - BHO: (no name) - {48F0B738-34A6-4113-B966-33C4EF85BCD9} - (no file)
    O2 - BHO: (no name) - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - (no file)
    O2 - BHO: (no name) - {AF2F1B0B-3A67-4874-985B-F566B7FE25DA} - (no file)
    O2 - BHO: (no name) - {CDA8CFEC-3A91-4E29-B177-C598AB5DF0A8} - (no file)
    O2 - BHO: (no name) - {D300EE24-4A3E-4C5F-914D-800EF8387402} - (no file)
    1 June 2008 14:34:57

    Done!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:34, on 2008-06-01
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 7419 bytes
    1 June 2008 19:19:52

    You should look in the OS section for this problem.
    1 June 2008 22:51:52

    OK, apart from that, do you think my PC is safe?
    2 June 2008 13:17:08

    Yep.