Unable to remove Trojan horse TR/Vundo.Gen

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
4 March 2008 18:46:49

Hello, I just caught a nasty piece of junk, Trojan horse TR/Vundo.Gen, which AntiVir detected.

It can't delete the file C:\WINDOWS\system32\nnllm.dll

I just ran another scan in safe mode and it doesn't detect it. Probably malware. I tried quarantining the DLL in question but it always comes back.

I ran Spybot and also that bloated Ad-Aware 2007, but nothing works, it persists.

Thanks for helping me out :sweat:
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:26, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
D:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperCopier\SuperCopier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Travail\PortableApps\FirefoxPortable\App\firefox\firefox.exe
D:\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - C:\WINDOWS\system32\nnllm.dll
O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67DD68CE-8163-418F-A001-05012A54525A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88FCBA94-DB29-4BA2-8186-1703480A5024} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB7A56BD-72B9-430A-BFAA-138653D4B533} - (no file)
O2 - BHO: (no name) - {C9706E13-38A1-4956-90C3-C172F890F752} - (no file)
O2 - BHO: (no name) - {DD7699E0-4D08-431E-A410-1A35085E12B5} - (no file)
O2 - BHO: (no name) - {EC916EB0-EEC9-412D-A384-8FEC9CA9A187} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\pmnmlkj.dll
O2 - BHO: (no name) - {EDE5193C-C56E-40E6-A3F2-266ED70FF719} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [08f58035] rundll32.exe "C:\WINDOWS\system32\cxjxikkd.dll",b
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3D8131-984E-41AD-86D9-F3E949A88B77}: NameServer = 192.168.1.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pmnmlkj - C:\WINDOWS\SYSTEM32\pmnmlkj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7917 bytes

Right now I'm running Spybot again in safe mode.

5 March 2008 13:24:33

After the Spybot scan, still nothing.
Does nobody see how to do this?
5 March 2008 13:36:24

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    &

    Download FindAWF:
    http://noahdfear.net/downloads/FindAWF.exe

    Save the file to your Desktop.
    Double-click the FindAWF icon. Press a key to continue launching the tool.

    If a security alert appears, allow the program to run.
    As indicated, press a key to continue.
    Choose the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, so be patient.

    When it finishes, a Find AWF report is generated.
    Post this Find AWF report in your next reply.
    5 March 2008 17:04:05

    Here is the report from VundoFix.exe, a different version, because yours tells me:

    Run-time error '339':
    Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid


    Otherwise, with version VundoFix V6.5.4, here is the report:

    VundoFix V6.5.4

    Checking Java version...

    Scan started at 16:56:12 05/03/2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...


    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:59:40, on 05/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    D:\Program Files\Notebook Hardware Control\nhc.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\SuperCopier\SuperCopier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Travail\PortableApps\FirefoxPortable\App\firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [08f58035] rundll32.exe "C:\WINDOWS\system32\cxjxikkd.dll",b
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3D8131-984E-41AD-86D9-F3E949A88B77}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs:
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6398 bytes


    Here is the Find AWF report:

    Find AWF report by noahdfear ©2006
    Version 1.40



    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report


    5 March 2008 18:38:48

    Re,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    5 March 2008 20:54:43

    Thanks for your help :)

    Here is the Combofix report:

    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\mllnn.ini
    C:\WINDOWS\system32\mllnn.ini2
    C:\WINDOWS\system32\nnllm.dll
    C:\WINDOWS\system32\nynflskg.ini
    C:\WINDOWS\system32\pmnmlkj.dll
    C:\WINDOWS\system32\stvwa.ini
    C:\WINDOWS\system32\stvwa.ini2
    C:\WINDOWS\system32\tgfvvaxk.dll
    C:\WINDOWS\system32\wdanbtvu.ini
    C:\WINDOWS\system32\xxyyaww.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-05 17:49 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-05 16:48 . 2008-03-05 16:48 <REP> d-------- C:\VundoFix Backups
    2008-03-04 02:09 . 2008-03-04 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-04 01:33 . 2008-03-04 01:49 1,304,182 ---hs---- C:\WINDOWS\system32\mluwidwo.ini
    2008-03-03 20:35 . 2008-03-03 20:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-03-03 20:32 . 2008-03-03 20:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-03-03 19:20 . 2008-03-05 20:42 886,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-03 19:20 . 2008-03-05 20:41 14,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-03 19:16 . 2008-03-03 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-03 19:16 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-03-03 19:16 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-03-03 19:16 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-03-03 19:16 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-03-03 19:16 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-03-03 19:16 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-03 19:16 . 2008-03-03 19:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-03 19:14 . 2008-03-05 20:30 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-03 01:52 . 2008-03-03 11:04 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Comodo
    2008-03-03 01:52 . 2008-03-03 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-03-03 01:29 . 2008-03-04 01:30 1,304,062 ---hs---- C:\WINDOWS\system32\dkkixjxc.ini
    2008-03-02 01:46 . 2008-03-02 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-02 01:45 . 2008-03-02 01:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-02 00:30 . 2008-03-02 00:30 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Talkback
    2008-03-02 00:30 . 2008-03-02 00:30 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-02 00:29 . 2008-03-02 00:29 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Thunderbird
    2008-03-01 23:53 . 2008-03-01 23:53 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
    2008-03-01 23:52 . 2008-03-01 23:52 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-02-29 12:32 . 2008-02-29 12:32 90 --a------ C:\WINDOWS\wininit.ini
    2008-02-29 12:04 . 2008-02-29 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r%u201Aseau
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-02-29 03:02 . 2008-02-27 19:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Mod%u0160les
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D%u201Amarrer
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-02-29 02:27 . 2008-02-29 02:27 <REP> d-------- C:\WINDOWS\Sun
    2008-02-28 11:54 . 2008-02-28 11:54 <REP> d---s---- C:\Documents and Settings\SALHI\UserData
    2008-02-28 11:44 . 2008-02-28 11:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Program Files\MSN Messenger
    2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Documents and Settings\SALHI\Contacts
    2008-02-27 23:14 . 2008-02-27 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-02-27 23:01 . 2008-02-27 23:01 <REP> d-------- C:\Program Files\MSECache
    2008-02-27 22:45 . 2008-03-05 20:42 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-02-27 21:10 . 2008-02-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
    2008-02-27 21:07 . 2008-02-27 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\MSBuild
    2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\Microsoft Works
    2008-02-27 21:05 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-02-27 21:00 . 2008-02-27 21:04 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-02-27 21:00 . 2008-02-27 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-27 19:45 --------- d-----w C:\Program Files\Alwil Software
    2008-02-27 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-27 19:35 --------- d-----w C:\Program Files\InterVideo
    2008-02-27 19:34 1,716 --sha-r C:\WINDOWS\system32\drivers\HP_hp CPQ nc6000 (DD522AV)_YN_U_QFRB407_E_4_I0890_SHP_V8051 Version 1A.19_B68BDD Ver. F.14_T050623_WXP2_L40C_M2048_J80_7Intel_8Pentium M_91,79_1_N_P12177223_Z808624C6_K_A808624C5_U808624C2_G10024E50.MRK
    2008-02-27 19:34 --------- d-----w C:\Program Files\Java
    2008-02-27 19:34 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-02-27 19:33 --------- d-----w C:\Program Files\HPQ
    2008-02-27 19:32 --------- d-----w C:\Program Files\Intel
    2008-02-27 19:31 --------- d-----w C:\Program Files\HP
    2008-02-27 19:28 --------- d-----w C:\Program Files\ATI Technologies
    2008-02-27 19:27 --------- d-----w C:\Program Files\Synaptics
    2008-02-27 19:26 --------- d-----w C:\Program Files\Broadcom
    2008-02-27 19:24 --------- d-----w C:\Program Files\WIDCOMM
    2008-02-27 19:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-02-27 19:23 --------- d-----w C:\Program Files\Analog Devices
    2008-02-27 18:54 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-27 18:48 558,142 ----a-w C:\WINDOWS\java\Packages\OEYAB9NB.ZIP
    2008-02-27 18:48 155,995 ----a-w C:\WINDOWS\java\Packages\42N7R5JV.ZIP
    2008-02-27 18:45 --------- d-----w C:\Program Files\Services en ligne
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05673812-7650-4DDF-AEB1-0C0021AAE0C8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FAAEB63-B537-41E4-B057-09D53645121F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BD91080-33F5-4386-B00E-1FCF6E04D65F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30852797-0F09-42A0-8340-3E169A7A3C01}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA83C2D-8C0B-4670-84C8-355518A2A664}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67DD68CE-8163-418F-A001-05012A54525A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88FCBA94-DB29-4BA2-8186-1703480A5024}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f4120fc-a753-4cb9-96e6-4c80ea5eab91}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB7A56BD-72B9-430A-BFAA-138653D4B533}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9706E13-38A1-4956-90C3-C172F890F752}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD7699E0-4D08-431E-A410-1A35085E12B5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC916EB0-EEC9-412D-A384-8FEC9CA9A187}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE5193C-C56E-40E6-A3F2-266ED70FF719}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "SuperCopier.exe"="D:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 23:03 683520]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 18:01 88267 C:\WINDOWS\AGRSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 21:09 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 21:08 618496]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 23:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 17:55 274432]
    "NotebookHardwareControl"="D:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 18:40 2228224]
    "ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "08f58035"="C:\WINDOWS\system32\cxjxikkd.dll" [ ]
    "avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-04 02:12 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlkj]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "E:\\emulemorph\\emule\\emule.exe"=
    "C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"=
    "C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"=

    R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
    R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
    R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-01-04 15:59]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 02:49]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 16:50]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae1f3f0-e580-11dc-8ba3-00127958341a}]
    \Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "cryptage"
    \Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
    \Shell\start\command - H:\TrueCrypt\TrueCrypt.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-05 20:42:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-05 20:44:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-05 19:44:13
    6 March 2008 13:25:31

    What do I do next, Angeldark???
    If it takes too long, I might as well format the whole thing??
    6 March 2008 13:35:00

    Hi again,

    Next time, put the reports inside [*fixed] tags (without the *).

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\mluwidwo.ini
    C:\WINDOWS\system32\cxjxikkd.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05673812-7650-4DDF-AEB1-0C0021AAE0C8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FAAEB63-B537-41E4-B057-09D53645121F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BD91080-33F5-4386-B00E-1FCF6E04D65F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30852797-0F09-42A0-8340-3E169A7A3C01}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA83C2D-8C0B-4670-84C8-355518A2A664}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67DD68CE-8163-418F-A001-05012A54525A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88FCBA94-DB29-4BA2-8186-1703480A5024}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f4120fc-a753-4cb9-96e6-4c80ea5eab91}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB7A56BD-72B9-430A-BFAA-138653D4B533}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9706E13-38A1-4956-90C3-C172F890F752}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD7699E0-4D08-431E-A410-1A35085E12B5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC916EB0-EEC9-412D-A384-8FEC9CA9A187}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE5193C-C56E-40E6-A3F2-266ED70FF719}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "08f58035"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    6 March 2008 14:31:21

    Here is the Combofix.exe report:

    ComboFix 08-03-05.1 - SALHI 2008-03-06 14:26:19.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1615 [GMT 1:00]
    Endroit: C:\Documents and Settings\SALHI\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\SALHI\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\cxjxikkd.dll
    C:\WINDOWS\system32\mluwidwo.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\mluwidwo.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-05 22:05 . 2008-03-05 22:05 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\InterVideo
    2008-03-05 17:49 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-05 16:48 . 2008-03-05 16:48 <REP> d-------- C:\VundoFix Backups
    2008-03-04 02:09 . 2008-03-04 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-03 20:35 . 2008-03-03 20:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-03-03 20:32 . 2008-03-03 20:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-03-03 19:20 . 2008-03-06 14:27 1,034,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-03 19:20 . 2008-03-05 20:41 14,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-03 19:16 . 2008-03-03 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-03 19:16 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-03-03 19:16 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-03-03 19:16 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-03-03 19:16 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-03-03 19:16 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-03-03 19:16 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-03 19:16 . 2008-03-03 19:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-03 19:14 . 2008-03-06 14:23 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-03 01:52 . 2008-03-03 11:04 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Comodo
    2008-03-03 01:52 . 2008-03-03 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-03-03 01:29 . 2008-03-04 01:30 1,304,062 ---hs---- C:\WINDOWS\system32\dkkixjxc.ini
    2008-03-02 01:46 . 2008-03-02 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-02 01:45 . 2008-03-02 01:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-02 00:30 . 2008-03-02 00:30 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Talkback
    2008-03-02 00:30 . 2008-03-02 00:30 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-02 00:29 . 2008-03-02 00:29 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Thunderbird
    2008-03-01 23:53 . 2008-03-01 23:53 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
    2008-03-01 23:52 . 2008-03-01 23:52 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-02-29 12:32 . 2008-02-29 12:32 90 --a------ C:\WINDOWS\wininit.ini
    2008-02-29 12:04 . 2008-02-29 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-02-29 03:02 . 2008-02-27 19:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-02-29 02:27 . 2008-02-29 02:27 <REP> d-------- C:\WINDOWS\Sun
    2008-02-28 11:54 . 2008-02-28 11:54 <REP> d--hs---- C:\Documents and Settings\SALHI\UserData
    2008-02-28 11:44 . 2008-02-28 11:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Program Files\MSN Messenger
    2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Documents and Settings\SALHI\Contacts
    2008-02-27 23:14 . 2008-02-27 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-02-27 23:01 . 2008-02-27 23:01 <REP> d-------- C:\Program Files\MSECache
    2008-02-27 22:45 . 2008-03-05 20:42 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-02-27 21:10 . 2008-02-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
    2008-02-27 21:07 . 2008-02-27 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\MSBuild
    2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\Microsoft Works
    2008-02-27 21:05 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-02-27 21:00 . 2008-02-27 21:04 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-02-27 21:00 . 2008-02-27 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-27 19:45 --------- d-----w C:\Program Files\Alwil Software
    2008-02-27 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-27 19:35 --------- d-----w C:\Program Files\InterVideo
    2008-02-27 19:34 1,716 --sha-r C:\WINDOWS\system32\drivers\HP_hp CPQ nc6000 (DD522AV)_YN_U_QFRB407_E_4_I0890_SHP_V8051 Version 1A.19_B68BDD Ver. F.14_T050623_WXP2_L40C_M2048_J80_7Intel_8Pentium M_91,79_1_N_P12177223_Z808624C6_K_A808624C5_U808624C2_G10024E50.MRK
    2008-02-27 19:34 --------- d-----w C:\Program Files\Java
    2008-02-27 19:34 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-02-27 19:33 --------- d-----w C:\Program Files\HPQ
    2008-02-27 19:32 --------- d-----w C:\Program Files\Intel
    2008-02-27 19:31 --------- d-----w C:\Program Files\HP
    2008-02-27 19:28 --------- d-----w C:\Program Files\ATI Technologies
    2008-02-27 19:27 --------- d-----w C:\Program Files\Synaptics
    2008-02-27 19:26 --------- d-----w C:\Program Files\Broadcom
    2008-02-27 19:24 --------- d-----w C:\Program Files\WIDCOMM
    2008-02-27 19:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-02-27 19:23 --------- d-----w C:\Program Files\Analog Devices
    2008-02-27 18:54 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-27 18:48 558,142 ----a-w C:\WINDOWS\java\Packages\OEYAB9NB.ZIP
    2008-02-27 18:48 155,995 ----a-w C:\WINDOWS\java\Packages\42N7R5JV.ZIP
    2008-02-27 18:45 --------- d-----w C:\Program Files\Services en ligne
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "SuperCopier.exe"="D:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 23:03 683520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 18:01 88267 C:\WINDOWS\AGRSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 21:09 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 21:08 618496]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 23:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 17:55 274432]
    "NotebookHardwareControl"="D:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 18:40 2228224]
    "ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-04 02:12 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-09-12 11:42:00 503869]
    Lancement rapide d'Adobe Reader.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "E:\\emulemorph\\emule\\emule.exe"=
    "C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"=
    "C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"=

    R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
    R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
    R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-01-04 15:59]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 02:49]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 16:50]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae1f3f0-e580-11dc-8ba3-00127958341a}]
    \Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "cryptage"
    \Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
    \Shell\start\command - H:\TrueCrypt\TrueCrypt.exe

    *Newly Created Service* - UDFS
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-06 14:27:27
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-06 14:27:54
    ComboFix-quarantined-files.txt 2008-03-06 13:27:51
    ComboFix2.txt 2008-03-05 19:44:17


    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:31:09, on 06/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    D:\Program Files\Notebook Hardware Control\nhc.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    D:\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    E:\Travail\PortableApps\FirefoxPortable\App\firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0FAAEB63-B537-41E4-B057-09D53645121F} - (no file)
    O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - (no file)
    O2 - BHO: (no name) - {30852797-0F09-42A0-8340-3E169A7A3C01} - (no file)
    O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {67DD68CE-8163-418F-A001-05012A54525A} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {88FCBA94-DB29-4BA2-8186-1703480A5024} - (no file)
    O2 - BHO: (no name) - {8f4120fc-a753-4cb9-96e6-4c80ea5eab91} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AB7A56BD-72B9-430A-BFAA-138653D4B533} - (no file)
    O2 - BHO: (no name) - {C9706E13-38A1-4956-90C3-C172F890F752} - (no file)
    O2 - BHO: (no name) - {DD7699E0-4D08-431E-A410-1A35085E12B5} - (no file)
    O2 - BHO: (no name) - {EC916EB0-EEC9-412D-A384-8FEC9CA9A187} - (no file)
    O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
    O2 - BHO: (no name) - {EDE5193C-C56E-40E6-A3F2-266ED70FF719} - (no file)
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3D8131-984E-41AD-86D9-F3E949A88B77}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: pmnmlkj - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7771 bytes
    6 March 2008 18:10:13

    Hi again,

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
    O2 - BHO: (no name) - {0FAAEB63-B537-41E4-B057-09D53645121F} - (no file)
    O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - (no file)
    O2 - BHO: (no name) - {30852797-0F09-42A0-8340-3E169A7A3C01} - (no file)
    O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)
    O2 - BHO: (no name) - {67DD68CE-8163-418F-A001-05012A54525A} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {88FCBA94-DB29-4BA2-8186-1703480A5024} - (no file)
    O2 - BHO: (no name) - {8f4120fc-a753-4cb9-96e6-4c80ea5eab91} - (no file)
    O2 - BHO: (no name) - {AB7A56BD-72B9-430A-BFAA-138653D4B533} - (no file)
    O2 - BHO: (no name) - {C9706E13-38A1-4956-90C3-C172F890F752} - (no file)
    O2 - BHO: (no name) - {DD7699E0-4D08-431E-A410-1A35085E12B5} - (no file)
    O2 - BHO: (no name) - {EC916EB0-EEC9-412D-A384-8FEC9CA9A187} - (no file)
    O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
    O2 - BHO: (no name) - {EDE5193C-C56E-40E6-A3F2-266ED70FF719} - (no file)
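
The lines listed in the post above are the O2 entries of the report whose DLL is gone (`(no file)`). As an added example (not part of the thread and not a HijackThis feature), this Python sketch pulls such entries out of a pasted log; also flagging the O20 Winlogon Notify line that points at a bare directory goes beyond what the post asks to fix, and the function and class names are illustrative.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis report on this page (shortened selection).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8f4120fc-a753-4cb9-96e6-4c80ea5eab91} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: pmnmlkj - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
"""

# A log entry is "<section code> - <body>"; forum pastes may prefix "12. " line numbers.
ENTRY = re.compile(r"^\s*(?:\d+\.\s+)?(?P<code>[A-Z]\d{1,2}) - (?P<body>.*\S)\s*$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) -\s*(?P<target>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O2"
    ident: str   # CLSID for a BHO, key name for a Winlogon Notify entry
    reason: str
    line: str    # normalised log line, as it would appear in the HijackThis list


def target_is_missing(target: str) -> bool:
    """True when the entry names no file: '(no file)', empty, or a bare directory."""
    t = target.strip().strip('"')
    return t == "" or t.lower() == "(no file)" or t.endswith("\\")


def orphaned_entries(log_text: str) -> list:
    """Return registry leftovers (entries whose file is absent) found in a log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        line = f"{code} - {body}"
        if code == "O2":
            b = BHO.match(body)
            if b and target_is_missing(b["target"]):
                findings.append(Finding(code, b["clsid"], "BHO key without a DLL on disk", line))
        elif code == "O20":
            n = NOTIFY.match(body)
            if n and target_is_missing(n["target"]):
                findings.append(Finding(code, n["name"], "Notify key without a DLL path", line))
    return findings


if __name__ == "__main__":
    for f in orphaned_entries(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
```

A `(no file)` entry only says the registry key outlived its file; the file that was loaded at the time has to be identified from the earlier reports.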