Mal warrior / How do I remove it??

Closed
Speid29 Posts: 88 Registered: Friday 28 September 2007 Status: Member Last active: 4 June 2020 - 18 May 2008 at 16:42
jacques.gache Posts: 33453 Registered: Tuesday 13 November 2007 Status: Security contributor Last active: 25 January 2016 - 18 May 2008 at 21:40
Hello,
Recently, Mal Warrior must have been installed on my PC, because attack messages keep appearing and ask me whether or not to block them. After some research on the forums, it seems to be a Trojan.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:01, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\PC Booster\PCBooster.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\wincmd\WINCMD32.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Julie\LOCALS~1\Temp\stdcons.exe/r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://section-f.spaces.live.com//PhotoUpload/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
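Added example, not from this thread or any of its posters: a small Python triage script that applies to a HijackThis log the checks a helper applies by eye when reading a log like the one above. It flags O4 autorun entries whose target sits in a Temp folder or under All Users\Application Data, a switch glued onto the executable name (as in stdcons.exe/r), nameless O2 BHOs that point to no file or to a system32 DLL with an eight-letter random-looking name (the pattern the Virtumonde/Vundo family used, and AVG's report further down names Virtumonde), and O23 services with an unknown owner. The sample lines are constructed from entries in the logs posted in this thread; the heuristics, the eight-letter threshold and the directory patterns are this example's own assumptions, not any tool's rules, and a hit is a prompt to inspect the file, not proof of infection.

```python
import re

# Constructed sample: entries taken from the HijackThis logs posted in this thread,
# plus a few benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Julie\LOCALS~1\Temp\stdcons.exe/r
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {806C2F6F-7853-4F20-AFBE-5656F773E22D} - C:\WINDOWS\system32\nnnlkkjG.dll
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\vtUmNdef.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
"""

# Line shapes for the three HijackThis sections this example looks at.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Heuristics (assumptions of this example, not a vendor's signatures).
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.I)
ALL_USERS_APPDATA_RE = re.compile(r"\\All Users\\Application Data\\", re.I)
GLUED_SWITCH_RE = re.compile(r"\.exe/\w", re.I)          # "stdcons.exe/r": switch without a space
RANDOM_SYS32_DLL_RE = re.compile(r"\\system32\\[A-Za-z]{8}\.dll$", re.I)


def triage(log_text):
    """Return [(label, [reason, ...])] for every log line that trips a heuristic.

    label is the Run value name (O4), the DLL basename or the CLSID when there is
    no file (O2), or the service name (O23). Lines that trip nothing are omitted.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        label, reasons = None, []
        if m := O4_RE.match(line):
            label, cmd = m["name"], m["cmd"]
            if TEMP_DIR_RE.search(cmd):
                reasons.append("autorun target lives in a Temp directory")
            if ALL_USERS_APPDATA_RE.search(cmd):
                reasons.append("autorun target under All Users\\Application Data rather than Program Files")
            if GLUED_SWITCH_RE.search(cmd):
                reasons.append("command-line switch glued to the executable name (e.g. .exe/r)")
        elif m := O2_RE.match(line):
            name, path = m["name"], m["path"]
            if path == "(no file)":
                label = m["clsid"]
                if name == "(no name)":
                    reasons.append("orphaned BHO entry: no name and no file (safe to fix)")
            else:
                label = path.rsplit("\\", 1)[-1]
                if name == "(no name)" and RANDOM_SYS32_DLL_RE.search(path):
                    reasons.append("nameless BHO backed by an 8-letter DLL in system32 (Vundo/Virtumonde pattern)")
        elif m := O23_RE.match(line):
            label = m["name"]
            if m["owner"] == "Unknown owner":
                reasons.append("service binary has no publisher string; verify the file")
        if reasons:
            findings.append((label, reasons))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print(label)
        for reason in reasons:
            print("   -", reason)
```

On the sample above the script reports advap32 (two reasons), the MalWarrior HKCU Run value, the orphaned BHO CLSID, the two random-named system32 DLLs and the TgbIKE service, and stays silent on the avast! and Java entries. The regular expressions only parse O2, O4 and O23 lines; any other section is ignored rather than misreported, and a flagged file still needs to be checked (publisher, hash, on-disk date) before it is removed.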

10 replies

sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last active: 30 December 2012 463
18 May 2008 at 16:48
Hi,
Go to this file on your PC: C:\Program Files\Hijackthis\HijackThis.exe <--- right-click on it and choose "Rename": type monjack and confirm.

!!Disconnect from the internet and close all your running applications!!

Double-click the desktop shortcut,
run a scan with monjack (i.e. the renamed HijackThis) and post the generated report for analysis...
0
jacques.gache Posts: 33453 Registered: Tuesday 13 November 2007 Status: Security contributor Last active: 25 January 2016 1 616
18 May 2008 at 16:50
Hello, run SDFix in safe mode and then post a new HijackThis log http://mickael.barroux.free.fr/securite/sdfix.php
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last active: 30 December 2012 463
18 May 2008 at 16:55
Hi there ^^
SDFix was indeed on the agenda ;)
0
Lyonnais92 Posts: 25159 Registered: Friday 23 June 2006 Status: Security contributor Last active: 16 September 2016 1 536
18 May 2008 at 17:48
Hello,

If I may, I would run Malwarebytes' Anti-Malware (MBAM).
0
Speid29 Posts: 88 Registered: Friday 28 September 2007 Status: Member Last active: 4 June 2020 1
18 May 2008 at 18:09
So, first of all, thank you for your help.
Booting into safe mode is impossible: the screen stays black with a blinking dash in the top left corner.

I ran AVG AS and here is the log:
---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 17:07:22 18/05/2008

+ Scan result:



C:\Documents and Settings\Julie\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{0B536228-3BB5-4D8F-90A8-D8762E7DABC2}\RP281\A0041923.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
:mozilla.436:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.437:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.356:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Vincent\Cookies\vincent@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.513:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.514:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.515:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.516:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.517:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.518:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.519:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.115:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.70:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.101:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.15:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.245:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Vincent\Cookies\vincent@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.116:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.24:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.486:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.487:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.488:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.452:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.453:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.455:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.531:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.107:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.393:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.442:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.50:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.51:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.160:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.11:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.321:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.322:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.323:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.464:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.465:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.466:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.467:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.468:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.469:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.471:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Vincent\Cookies\vincent@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Vincent\Cookies\vincent@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.239:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.501:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.16:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.17:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.18:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.19:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.44:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.45:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.46:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.47:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Vincent\Cookies\vincent@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.438:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.21:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.81:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.82:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.83:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.207:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.208:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.209:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.210:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.211:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.212:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.213:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.271:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.272:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.273:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.274:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.275:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.276:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.277:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.278:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.279:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.280:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.281:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.298:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.299:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.300:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.301:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.349:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.13:C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\6kn6sqxf.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.267:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.381:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.382:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.383:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.384:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\lbgop4uq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\recover\Addon\proginst.exe -> Trojan.Small.gv : Cleaned and backed up (quarantined).


End of report



I also re-ran "monjack" and it gives this:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:49, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\PC Booster\PCBooster.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Hijackthis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {806C2F6F-7853-4F20-AFBE-5656F773E22D} - C:\WINDOWS\system32\nnnlkkjG.dll
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\vtUmNdef.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Julie\LOCALS~1\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://section-f.spaces.live.com//PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: vtUmNdef - C:\WINDOWS\SYSTEM32\vtUmNdef.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
jacques.gache 33453 posts, registered Tuesday 13 November 2007, status: security contributor, last activity 25 January 2016, 1616
18 May 2008 at 18:30
Hello. In the renamed HijackThis log you still have SDFix, and on top of that a Vundo. I suggest you run VundoFix http://sasi.xooit.fr/t48-Guide-d-utilisation-de-VundoFix.htm and afterwards try running SDFix again, then post a new renamed HijackThis log.
sKe69 21360 posts, registered Saturday 15 March 2008, status: security contributor, last activity 30 December 2012, 463
18 May 2008 at 18:33
Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

!! Disconnect and close all these applications for the duration of the procedure !!

Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the report VBG.TXT will be created on the desktop.
(If a blue screen "Fatal error" message appears, don't worry, it is normal and expected.)

Post the VBG report along with a new HijackThis log for analysis...
Speid29 88 posts, registered Friday 28 September 2007, status: member, last activity 4 June 2020, 1
18 May 2008 at 18:55
So for VBG, here is the log:


[05/18/2008, 18:44:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julie\Bureau\VirtumundoBeGone.exe" )
[05/18/2008, 18:44:25] - Detected System Information:
[05/18/2008, 18:44:25] - Windows Version: 5.1.2600, Service Pack 2
[05/18/2008, 18:44:25] - Current Username: Julie (Admin)
[05/18/2008, 18:44:25] - Windows is in NORMAL mode.
[05/18/2008, 18:44:25] - Searching for Browser Helper Objects:
[05/18/2008, 18:44:25] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/18/2008, 18:44:25] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/18/2008, 18:44:25] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/18/2008, 18:44:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/18/2008, 18:44:25] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/18/2008, 18:44:25] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - No filename found. Continuing.
[05/18/2008, 18:44:25] - BHO 6: {806C2F6F-7853-4F20-AFBE-5656F773E22D} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - Checking for HKLM\...\Winlogon\Notify\nnnlkkjG
[05/18/2008, 18:44:25] - Key not found: HKLM\...\Winlogon\Notify\nnnlkkjG, continuing.
[05/18/2008, 18:44:25] - BHO 7: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - Checking for HKLM\...\Winlogon\Notify\vtUmNdef
[05/18/2008, 18:44:25] - Found: HKLM\...\Winlogon\Notify\vtUmNdef - This is probably Virtumundo.
[05/18/2008, 18:44:25] - Assigning {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} MSEvents Object
[05/18/2008, 18:44:25] - BHO list has been changed! Starting over...
[05/18/2008, 18:44:25] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/18/2008, 18:44:25] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/18/2008, 18:44:25] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/18/2008, 18:44:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/18/2008, 18:44:25] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/18/2008, 18:44:25] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - No filename found. Continuing.
[05/18/2008, 18:44:25] - BHO 6: {806C2F6F-7853-4F20-AFBE-5656F773E22D} ()
[05/18/2008, 18:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:25] - Checking for HKLM\...\Winlogon\Notify\nnnlkkjG
[05/18/2008, 18:44:26] - Key not found: HKLM\...\Winlogon\Notify\nnnlkkjG, continuing.
[05/18/2008, 18:44:26] - BHO 7: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} (MSEvents Object)
[05/18/2008, 18:44:26] - ALERT: Found MSEvents Object!
[05/18/2008, 18:44:26] - Finished Searching Browser Helper Objects
[05/18/2008, 18:44:26] - *** Detected MSEvents Object
[05/18/2008, 18:44:26] - Trying to remove MSEvents Object...
[05/18/2008, 18:44:27] - Terminating Process: IEXPLORE.EXE
[05/18/2008, 18:44:27] - Terminating Process: RUNDLL32.EXE
[05/18/2008, 18:44:27] - Disabling Automatic Shell Restart
[05/18/2008, 18:44:27] - Terminating Process: EXPLORER.EXE
[05/18/2008, 18:44:28] - Suspending the NT Session Manager System Service
[05/18/2008, 18:44:28] - Terminating Windows NT Logon/Logoff Manager
[05/18/2008, 18:44:28] - Re-enabling Automatic Shell Restart
[05/18/2008, 18:44:28] - File to disable: C:\WINDOWS\system32\vtUmNdef.dll
[05/18/2008, 18:44:28] - Renaming C:\WINDOWS\system32\vtUmNdef.dll -> C:\WINDOWS\system32\vtUmNdef.dll.vir
[05/18/2008, 18:44:28] - File successfully renamed!
[05/18/2008, 18:44:28] - Removing HKLM\...\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[05/18/2008, 18:44:28] - Removing HKCR\CLSID\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[05/18/2008, 18:44:28] - Adding Kill Bit for ActiveX for GUID: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[05/18/2008, 18:44:29] - Deleting ATLEvents/MSEvents Registry entries
[05/18/2008, 18:44:29] - Removing HKLM\...\Winlogon\Notify\vtUmNdef
[05/18/2008, 18:44:29] - Searching for Browser Helper Objects:
[05/18/2008, 18:44:29] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/18/2008, 18:44:29] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/18/2008, 18:44:29] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/18/2008, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/18/2008, 18:44:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/18/2008, 18:44:29] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/18/2008, 18:44:29] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/18/2008, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:30] - No filename found. Continuing.
[05/18/2008, 18:44:30] - BHO 6: {806C2F6F-7853-4F20-AFBE-5656F773E22D} ()
[05/18/2008, 18:44:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/18/2008, 18:44:30] - Checking for HKLM\...\Winlogon\Notify\nnnlkkjG
[05/18/2008, 18:44:30] - Key not found: HKLM\...\Winlogon\Notify\nnnlkkjG, continuing.
[05/18/2008, 18:44:30] - Finished Searching Browser Helper Objects
[05/18/2008, 18:44:30] - Finishing up...
[05/18/2008, 18:44:30] - A restart is needed.
[05/18/2008, 18:44:35] - Attempting to Restart via STOP error (Blue Screen!)

And for monjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:04, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\PC Booster\PCBooster.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\monjack.exe
C:\WINDOWS\TEMP\BN2.tmp
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22263833-8355-4F64-8F70-BF486694ADCE} - C:\WINDOWS\system32\nnnlkkjG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Julie\LOCALS~1\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://section-f.spaces.live.com//PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
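Comparing the two HijackThis logs by DLL rather than by CLSID shows what VirtumundoBeGone did and did not achieve: vtUmNdef.dll and its Winlogon Notify entry are gone, but nnnlkkjG.dll came back as a BHO under a fresh CLSID ({22263833-...} instead of {806C2F6F-...}), and a new process C:\WINDOWS\TEMP\BN2.tmp plus an extra svchost.exe are now running. A diff keyed on CLSID would report that as one removal and one addition and miss the persistence. The following Python script, added here as an example and not part of the thread or of any of the tools mentioned, does that comparison on lines copied from the two logs (constructed samples that keep only the lines that differ, plus a couple of unchanged ones).

```python
import re
from collections import Counter

# Constructed samples: the relevant lines from the two HijackThis logs posted
# in this thread (15:37, before VirtumundoBeGone, and 18:53, after it).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\monjack.exe

O2 - BHO: (no name) - {806C2F6F-7853-4F20-AFBE-5656F773E22D} - C:\WINDOWS\system32\nnnlkkjG.dll
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\vtUmNdef.dll
O20 - Winlogon Notify: vtUmNdef - C:\WINDOWS\SYSTEM32\vtUmNdef.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\monjack.exe
C:\WINDOWS\TEMP\BN2.tmp
C:\WINDOWS\System32\svchost.exe

O2 - BHO: (no name) - {22263833-8355-4F64-8F70-BF486694ADCE} - C:\WINDOWS\system32\nnnlkkjG.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
"""

O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")


def parse(log_text):
    """Split a HijackThis log into processes, BHOs keyed by DLL, and Winlogon Notify entries."""
    procs = Counter()
    bhos = {}     # lower-case DLL path -> CLSID
    notify = {}   # package name -> DLL path
    in_procs = False
    for line in log_text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line.strip():
                in_procs = False      # blank line closes the process list
            else:
                procs[line.strip().lower()] += 1
            continue
        m = O2_RE.match(line)
        if m:
            clsid, path = m.groups()
            bhos[path.lower()] = clsid
            continue
        m = O20_RE.match(line)
        if m:
            notify[m.group(1)] = m.group(2)
    return procs, bhos, notify


def compare(before_text, after_text):
    """Report what disappeared, what appeared, and which BHO DLLs merely changed CLSID."""
    p1, b1, n1 = parse(before_text)
    p2, b2, n2 = parse(after_text)
    return {
        # Counter subtraction keeps only positive differences, so a second
        # svchost.exe is reported as added even though one was already running.
        "processes_added": sorted((p2 - p1).elements()),
        "processes_gone": sorted((p1 - p2).elements()),
        "bho_removed": sorted(set(b1) - set(b2)),
        "bho_added": sorted(set(b2) - set(b1)),
        # Same DLL, different CLSID: the infection re-registered itself.
        "bho_reregistered": sorted(
            (dll, b1[dll], b2[dll]) for dll in set(b1) & set(b2) if b1[dll] != b2[dll]
        ),
        "notify_removed": sorted(set(n1) - set(n2)),
        "notify_added": sorted(set(n2) - set(n1)),
    }


if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(f"{key:18} {value}")
```

Feed `compare()` the full text of the two logs; a non-empty `bho_reregistered` entry, or a new process running out of WINDOWS\TEMP, means the cleaner only removed one component and the machine still needs a full scan, which is exactly the next step taken in the thread.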
sKe69 21360 posts, registered Saturday 15 March 2008, status: security contributor, last activity 30 December 2012, 463
18 May 2008 at 19:13
Download Malwarebytes: ftp://ftp.commentcamarche.com/download/mbam-setup.exe
A nice tutorial: https://forum.pcastuces.com/sujet.asp?f=31&s=3

Install it and update it.

Then restart in safe mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with boot options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if asked...)

Launch Malwarebytes.

Run a "full" scan and delete everything it finds...

Restart your PC (normal mode).

Post the report saved after the deletion of the infected objects (in the "report/log" tab) along with a new HijackThis log...
Speid29 88 posts, registered Friday 28 September 2007, status: member, last activity 4 June 2020, 1
18 May 2008 at 19:37
The problem is that I can't restart in safe mode; the screen stays black with the cursor blinking at the top left.

Should I run the scan anyway?
Lyonnais92 25159 posts, registered Friday 23 June 2006, status: security contributor, last activity 16 September 2016, 1536
18 May 2008 at 19:42
Re,

Booting into safe mode can take a while (30 min).

Otherwise, you can run MBAM in normal mode.
sKe69 21360 posts, registered Saturday 15 March 2008, status: security contributor, last activity 30 December 2012, 463
18 May 2008 at 19:42
Too bad; run it in normal mode for now....
Speid29 88 posts, registered Friday 28 September 2007, status: member, last activity 4 June 2020, 1
18 May 2008 at 20:30
For the MBAM log, here it is:

Malwarebytes' Anti-Malware 1.12
Database version: 762

Scan type: Full Scan (C:\|)
Objects scanned: 138883
Time elapsed: 35 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 23

Memory Processes Infected:
c:\documents and settings\all users\application data\adsl software limited\malwarrior 2008\malwarrior.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\nnnlkkjG.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6bbe78d-4f31-466c-b246-b60577fa449a} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e6bbe78d-4f31-466c-b246-b60577fa449a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Carlson (Dialer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalWarrior (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnlkkjg -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnlkkjg -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\adsl software limited\malwarrior 2008\malwarrior.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtmuyyyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iyyyumtd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlkkjG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\Gjkklnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Gjkklnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julie\Local Settings\Temp\setup_526_1_.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julie\Local Settings\Temp\stdcons.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\4TCV83MT\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0B536228-3BB5-4D8F-90A8-D8762E7DABC2}\RP294\A0042622.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0B536228-3BB5-4D8F-90A8-D8762E7DABC2}\RP297\A0047731.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080517040300191.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518000911843.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518120757850.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518125313000.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518130750078.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518172145781.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518184936750.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518193332671.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Bureau\Casino Tropez.lnk (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


and for hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:16, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\PC Booster\PCBooster.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Hijackthis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://section-f.spaces.live.com//PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last seen 25 January 2016 1 616
18 May 2008 at 21:40
Hello again, on your HijackThis report there are only a few lines left to fix and then you're good. Relaunch HijackThis and fix these lines as explained here: fixing lines: http://pageperso.aol.fr/balltrap34/demohijack.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
and if you want to post another one to be sure, go ahead.
0
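The triage the helper does above (spotting entries that point at "(no file)", and matching a Winlogon Notify DLL against what Malwarebytes just quarantined) can be made mechanical. The script below is an added example and is not part of this thread, nor a feature of HijackThis or Malwarebytes; the sample lines are constructed from the two reports above, and the parsing rules (field layout per section code, case-insensitive path comparison) are assumptions about the log format. It only covers the two mechanical checks; the judgment calls in the reply (the Yahoo SearchURL and toolbar lines) still need an analyst.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines in the format of the report above
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: Malwarebytes result lines from the same session (format as above)
SAMPLE_MBAM = r"""
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "R1 - body", "O20 - body": section code, then the entry body (assumed layout)
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# "path (Family) -> action"; greedy path so "Program Files (x86)" stays intact
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    code: str
    target: str
    reason: str


def parse_mbam_paths(text):
    """Return the set of lower-cased paths Malwarebytes reported acting on."""
    paths = set()
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            paths.add(m.group("path").lower())
    return paths


def hjt_target(code, body):
    """Extract the file (or value) a HijackThis entry points at."""
    if code == "O4":
        # O4 - HKLM\..\Run: [name] command line
        m = re.search(r"\] (.+)$", body)
        return m.group(1) if m else body
    if code.startswith("R") and " = " in body:
        # R0/R1 - registry value = URL
        return body.split(" = ", 1)[1]
    # O2/O3/O20/O23: fields separated by " - ", the last one is the file
    return body.rsplit(" - ", 1)[-1]


def command_path(target):
    """Strip a leading quote and any arguments: '"C:\\x.exe" -flag' -> 'C:\\x.exe'."""
    return target.strip('"').split('"')[0]


def triage(hjt_text, mbam_text):
    """Flag HijackThis entries that are orphaned or that point at a file Malwarebytes detected."""
    flagged_paths = parse_mbam_paths(mbam_text)
    findings = []
    for raw in hjt_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        target = hjt_target(code, body)
        if target == "(no file)":
            findings.append(Finding(code, target, "orphaned entry: registered component has no file on disk"))
            continue
        # Windows paths are case-insensitive: HijackThis prints SYSTEM32, Malwarebytes system32
        if command_path(target).lower() in flagged_paths:
            findings.append(Finding(code, target, "file was detected by Malwarebytes in the same session"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_MBAM):
        print(f"{f.code}: {f.target}  <- {f.reason}")
```

Running it on the constructed samples flags the orphaned O2 BHO and the O20 Winlogon Notify entry whose DLL Malwarebytes marked "Delete on reboot", which are exactly the kind of lines a helper would tell you to fix; an O20 entry that survives a reboot after the DLL was supposed to be deleted is worth a fresh report.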
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
18 May 2008 at 20:45
Malwarebytes did a good job...
There's still some junk left to clean up...

Download ComboFix (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- right-click this link and choose "Save target as...": in the window that opens, type C-Fix and confirm.

Start in safe mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed...)
(warning: no internet connection is possible in safe mode, so copy or print these instructions carefully to avoid mistakes...)
Double-click combofix.exe.

Press the Y key (Yes) to start the scan.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
---> if a Windows error message appears at some point, click the cross at the top right of the window to close it (and not on anything else!)

The report will be created in: C:\Combofix.txt

Restart your PC (normal mode)
Post the ComboFix report and a new HijackThis report for analysis.
0