01net    Web


Actuellement en ligne : 1198 Utilisateurs dont 163 dans Sécurité, virus et assimilés >S'inscrire      >S'identifier      >Recherche      >Aide  
modéré par A.Ouloube, naheulbeuk, Mérillym, bibou0007, Malekal_morte, IL-MAFIOSO  
01net > Forum de 01net > Sécurité, virus et assimilés > Trojan et spywares
> supprimer flashfunpages de mon bureau
Passionné(e) d'internet, de logiciels, de forums ? 01net recrute...
Auteur
Message
 
<     1       >
yoyo6464
  
   
      ?   @     Posté le 21/06/2008 09:27:09  
Voter pour ce message
salut

j'ai un problème sur mon pc, je n'arrive plus a changer mon fond d'ecran car des pages flashfunpages s'interposent sur mon bureau. J'ai aussi des messages d'erreur internet exploirer qui s'affiche de temps en temps sans oublier que mon ordinateur est lent et chauffe très vite !!!
Je suis novice et je n'y connais rien !!!
pouvez-vous m'aider s'il vous plait.
merci d'avance!
naheulbeuk
  
  :-)
      ?   ^   @     Posté le 21/06/2008 11:21:09  
Voter pour ce message
bonjour,

Télécharge HijackThis

Guide d'utilisation : http://www.site-naheulbeuk.com/hijackthis.php

Clique alors sur "Do a system scan and save a logfile"
Le scan se fait très rapidement, puis un bloc-note apparaît
(le "logfile")
Dans ce bloc-note, va dans "Edition", puis "Selectionner Tout",
le texte est alors séléctionné, retourne dans "Edition" toujours
en laissant le texte séléctionné, et clique sur copier.
Colle le contenu ici dans ta prochaine réponse !

:hello:
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
yoyo6464
  
   
      ?   @     Posté le 21/06/2008 13:27:24  
Voter pour ce message
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:26, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PV-CX881PL+\TVRMVCR.EXE
C:\Program Files\PV-CX881PL+\TVSCHL.EXE
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: ContextProgram - {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} - C:\Program Files\ContextProgram\ContextProgram-2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Yoy\Application Data\Deskbar_{C320CCE7-3244-421b-AD67-1A6E32021C3E}\starter.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\PV-CX881PL+\TVRMVCR.EXE
O4 - Global Startup: TV Scheduler.lnk = C:\Program Files\PV-CX881PL+\TVSCHL.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586(...)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: beers - {b8ea5f37-7327-4923-9808-8fd3b6f0d529} - C:\WINDOWS\system32\ddllup.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 13473 bytes
naheulbeuk
  
  :-)
      ?   ^   @     Posté le 21/06/2008 15:09:55  
Voter pour ce message
Télécharge ComboFix (créé par sUBs) sur ton Bureau

Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)


  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • ComboFix redémarrera ton PC
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    :hello:
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    • yoyo6464
      
       
          ?   @     Posté le 21/06/2008 17:03:36  
    Voter pour ce message
    spyware doctor me bloque je n'arrive pas à ouvrir combofix!
    yoyo6464
      
       
          ?   @     Posté le 21/06/2008 17:21:24  
    Voter pour ce message
    Ah non c'est bon,voila le rapport:

    ComboFix 08-06-20.4 - Yoy 2008-06-21 17:10:07.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.491 [GMT 2:00]
    Endroit: C:\Documents and Settings\Yoy\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    C:\Documents and Settings\All Users\Application Data\ZangoSA
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
    C:\Documents and Settings\Yoy\Application Data\WeatherDPA
    C:\Documents and Settings\Yoy\Application Data\WeatherDPA\Weather\WeatherStartup.xml
    C:\Documents and Settings\Yoy\Application Data\Zango
    C:\Documents and Settings\Yoy\Favoris\Online Security Test.url
    C:\Program Files\AntiVirGear 3.9
    C:\Program Files\AntiVirGear 3.9\sdebug.log
    C:\Program Files\AntiVirGear 3.9\vpp.ini
    C:\Program Files\dbar
    C:\Program Files\dbar\dbaruninst.exe
    C:\Program Files\winvi
    C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
    C:\Program Files\winvi\dsktp\desktop.html
    C:\Program Files\winvi\dsktp\internetDetection.swf
    C:\Program Files\winvi\dsktp\settings.sol
    C:\Program Files\winvi\icons\bufferthis.ico
    C:\Program Files\winvi\icons\flashfunpages.ico
    C:\Program Files\winvi\icons\funnies.ico
    C:\Program Files\winvi\icons\funnyfunpages.ico
    C:\Program Files\winvi\icons\goodcleanvideos.ico
    C:\Program Files\winvi\icons\newfunpages.ico
    C:\Program Files\winvi\icons\positivethoughts.ico
    C:\Program Files\winvi\icons\removespyware.ico
    C:\Program Files\winvi\icons\thissiterocks.ico
    C:\Program Files\winvi\temp\version.ini
    C:\Program Files\winvi\Uninst.exe
    C:\Program Files\winvi\version.ini
    C:\Program Files\zango
    C:\Program Files\zango\bin\10.3.37.0\arrow.ico
    C:\Program Files\zango\bin\10.3.37.0\CntntCntr.dll
    C:\Program Files\zango\bin\10.3.37.0\CoreSrv.dll
    C:\Program Files\zango\bin\10.3.37.0\firefox\extensions\chrome.manifest
    C:\Program Files\zango\bin\10.3.37.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
    C:\Program Files\zango\bin\10.3.37.0\HostIE.dll
    C:\Program Files\zango\bin\10.3.37.0\HostOL.dll
    C:\Program Files\zango\bin\10.3.37.0\InstIE.dll
    C:\Program Files\zango\bin\10.3.37.0\link.ico
    C:\Program Files\zango\bin\10.3.37.0\OEAddOn.exe
    C:\Program Files\zango\bin\10.3.37.0\Srv.exe
    C:\Program Files\zango\bin\10.3.37.0\Toolbar.dll
    C:\Program Files\zango\bin\10.3.37.0\Wallpaper.dll
    C:\Program Files\zango\bin\10.3.37.0\Weather.exe
    C:\Program Files\zango\bin\10.3.37.0\WeSkin.dll
    C:\Program Files\zango\bin\10.3.37.0\ZangoSA.exe
    C:\Program Files\zango\bin\10.3.37.0\ZangoSAAX.dll
    C:\Program Files\zango\bin\10.3.37.0\ZangoSADF.exe
    C:\Program Files\zango\bin\10.3.37.0\ZangoSAHook.dll
    C:\Program Files\zango\bin\10.3.37.0\ZangoUninstaller.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-21 17:06 . 2004-08-05 13:00 400,896 --a------ C:\WINDOWS\system32\CF11276.exe
    2008-06-20 16:32 . 2008-06-20 16:32 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-20 16:25 . 2008-06-20 16:25 <REP> d-------- C:\Deckard
    2008-06-19 16:40 . 2008-06-19 16:40 <REP> d-------- C:\Documents and Settings\Yoy\Application Data\TaoUSign
    2008-06-18 16:57 . 2008-06-18 16:57 <REP> d-------- C:\Program Files\Sun
    2008-06-17 23:13 . 2008-06-18 16:57 <REP> d-------- C:\Program Files\ATI Technologies
    2008-06-17 23:12 . 2008-06-17 23:12 <REP> d-------- C:\ATI
    2008-06-17 16:31 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-17 16:30 . 2008-06-17 16:31 <REP> d-------- C:\Program Files\Java
    2008-06-17 16:26 . 2008-06-18 16:56 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-06-14 15:05 . 2008-06-18 16:56 <REP> d-------- C:\Program Files\LimeWire
    2008-06-11 19:24 . 2008-06-11 19:24 <REP> d-------- C:\WINDOWS\tiinst
    2008-06-11 19:24 . 2008-06-11 19:24 <REP> d-------- C:\WINDOWS\system32\FlashAX
    2008-06-11 19:24 . 2008-06-11 19:24 <REP> d-------- C:\Program Files\iPlayer Mass Storage Driver V3.1
    2008-06-11 19:22 . 2008-06-11 19:22 <REP> d-------- C:\WINDOWS\TSCTV
    2008-06-11 12:20 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 12:20 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 09:36 . 2008-06-10 09:37 682,496 --a------ C:\WINDOWS\system32\CDUninst.exe
    2008-05-28 16:56 . 2008-05-28 16:56 27 --a------ C:\WINDOWS\yes_messenger.ini
    2008-05-24 19:52 . 2008-05-24 19:52 <REP> d-------- C:\Program Files\Anuman Interactive

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 14:57 --------- d-----w C:\Program Files\Wanadoo
    2008-06-21 14:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-21 14:52 --------- d-----w C:\Program Files\PV-CX881PL+
    2008-06-21 14:48 --------- d-----w C:\Documents and Settings\Yoy\Application Data\LimeWire
    2008-06-21 10:08 --------- d-----w C:\Program Files\WinamaxPoker
    2008-06-20 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-20 12:21 --------- d-----w C:\Program Files\Spyware Doctor
    2008-06-18 14:57 --------- d-----w C:\Documents and Settings\Yoy\Application Data\ATI
    2008-06-18 14:54 --------- d-----w C:\Program Files\Google
    2008-06-17 18:58 --------- d-----w C:\Program Files\eMule
    2008-06-03 18:51 --------- d-----w C:\Program Files\Toshiba
    2008-06-03 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-29 15:00 --------- d-----w C:\Program Files\ContextProgram
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-02-20 13:37 4,506,256 ----a-w C:\Program Files\limewirewin.exe
    2007-06-06 17:03 1,702 ----a-w C:\Documents and Settings\Yoy\Application Data\wklnhst.dat
    2003-05-14 07:02 108 ----a-w C:\Program Files\hpsfx.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC}]
    2007-12-30 22:48 1019904 --a------ C:\Program Files\ContextProgram\ContextProgram-2.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 17:08 65536]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 19:43 1953792]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 12:37 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 15:02 352256]
    "TPSMain"="TPSMain.exe" [2005-08-03 17:09 266240 C:\WINDOWS\system32\TPSMain.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 13:25 73728]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 10:24 118784]
    "TFncKy"="TFncKy.exe" []
    "TDispVol"="TDispVol.exe" [2005-09-15 15:19 73728 C:\WINDOWS\system32\TDispVol.exe]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 06:20 122940]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
    "PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 18:56 159800]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "CFSServ.exe"="CFSServ.exe" []
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-29 22:50 1836544]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33 32768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\Yoy\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-04 00:33:42 32768]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-29 22:49:17 125624]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-11-03 16:35:05 155648]
    Remote Controller.lnk - C:\Program Files\PV-CX881PL+\TVRMVCR.EXE [2006-11-07 19:26:03 106496]
    TV Scheduler.lnk - C:\Program Files\PV-CX881PL+\TVSCHL.EXE [2006-11-07 19:26:03 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{b8ea5f37-7327-4923-9808-8fd3b6f0d529}"= C:\WINDOWS\system32\ddllup.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-21 17:12:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-21 17:14:11
    ComboFix-quarantined-files.txt 2008-06-21 15:14:08

    Pre-Run: 3,152,248,832 octets libres
    Post-Run: 3,198,689,280 octets libres

    193 --- E O F --- 2008-06-20 20:28:38
    yoyo6464
      
       
          ?   @     Posté le 21/06/2008 17:23:43  
    Voter pour ce message
    et le nouveau rapport hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:22:06, on 21/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\PowerS.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\PV-CX881PL+\TVRMVCR.EXE
    C:\Program Files\PV-CX881PL+\TVSCHL.EXE
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\CF11276.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: ContextProgram - {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} - C:\Program Files\ContextProgram\ContextProgram-2.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Remote Controller.lnk = C:\Program Files\PV-CX881PL+\TVRMVCR.EXE
    O4 - Global Startup: TV Scheduler.lnk = C:\Program Files\PV-CX881PL+\TVSCHL.EXE
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586(...)
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O22 - SharedTaskScheduler: beers - {b8ea5f37-7327-4923-9808-8fd3b6f0d529} - C:\WINDOWS\system32\ddllup.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 12183 bytes
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 21/06/2008 18:19:57  
    Voter pour ce message
    Passe un coup de MalwareBytes (scan complet) et nettoie tout ce qu'il trouve
    Aide : http://www.site-naheulbeuk.com/malwarebytes.php
    Post moi le rapport généré à la fin dans ta prochaine réponse :)

    :p
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    yoyo6464
      
       
          ?   @     Posté le 21/06/2008 20:09:19  
    Voter pour ce message
    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 875

    20:07:54 21/06/2008
    mbam-log-6-21-2008 (20-07-54).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 104067
    Temps écoulé: 40 minute(s), 18 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 28
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 20

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4c1aff62-c4fb-dc22-f1dd-20f26a27ec12} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{926ea0f6-080a-0778-9569-cac35c7f03b8} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e4d1d56c-3ec9-2f5d-faa3-4112ccdd61dc} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4d1d56c-3ec9-2f5d-faa3-4112ccdd61dc} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.browserwatcher (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.browserwatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.pornpro_bho (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\contextprogram.pornpro_bho.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{018fe159-4a56-8237-0211-989634717eb4} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2f560603-a26f-c7e9-5e30-08dba79699c4} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bf798913-adc2-4304-2b4e-876f60917aab} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9f009604-ac89-957d-19a5-5815b478e169} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{e2010c89-dc4c-e7bf-aa56-e826b40072a0} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8ea5f37-7327-4923-9808-8fd3b6f0d529} (Trojan.Zlob) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contextprogram (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\ContextProgram.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b8ea5f37-7327-4923-9808-8fd3b6f0d529} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.37.0 (Adware.Zango) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\ContextProgram\ContextProgram-2.dll (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\ShprInstaller.exe (Adware.Shoper) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\tem11.tmp.exe (Adware.SaveNow) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\tem12.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\temC.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\temD.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\upd14.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nshD.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nshD.tmp\InetLoad.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nsiC.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nsiC.tmp\InetLoad.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nspC.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nstD.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nsuC.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\backup\DOCUME~1\Yoy\LOCALS~1\Temp\nsuC.tmp\InetLoad.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP365\A0110971.dll (Adware.Shoper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP366\A0111068.dll (Adware.Shoper) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram\ContextProgram.dat (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram\pcre3.dll (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ContextProgram\uninstall.exe (AdWare.Agent) -> Quarantined and deleted successfully.
    yoyo6464
      
       
          ?   @     Posté le 21/06/2008 20:15:33  
    Voter pour ce message
    ca a l'air d'etre bon, merci beaucoup!
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 22/06/2008 03:14:55  
    Voter pour ce message
    Fais un scan BitDefender en ligne (avec Internet Explorer pas avec Firefox !)
    (clique à gauche sur scan online).
    et post moi le rapport de ce scan ici une fois terminé !

    Guide d'utilisation de Bitdefender en ligne (merci Bruce Lee) : http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm

    :hello:
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    yoyo6464
      
       
          ?   @     Posté le 22/06/2008 15:16:52  
    Voter pour ce message

    //-----------------------------------------------------------------
    //
    // Produit BitDefender Free Edition v10
    // Produit 10.2
    //
    // Créé le: 22/06/2008 13:19:58
    //
    //-----------------------------------------------------------------


    Statistiques

    Chemin cible: C:\
    Dossiers : 5559
    Fichiers : 122834
    Processus Mémoire analysés : 81
    Archives : 261
    Fichiers enpaquetés : 4192
    Virus trouvés : 4
    Fichiers infectés : 11
    Processus Mémoire infectés : 0
    Fichiers suspects : 0
    Alertes : 0
    Fichiers désinfectés : 0
    Fichiers effacés : 11
    Fichiers déplacés : 4
    Erreurs I/O : 65
    Temps d'analyse :=00:44:12
    Fichiers/seconde :46

    Statistiques Spywares

    Registres analysés : 329
    Registres infectés : 0
    Cookies analysés : 202
    Cookies infectés : 2
    Fichiers spyware infectés : 0
    Menaces Spyware détectées : 2


    Définitions virus : 1262411
    Plugins d'analyse : 16
    Plugins archives : 42
    Plug-ins décompression : 7
    Plug-ins messagerie : 6
    Plug-ins système : 5

    Options d'analyse

    Détection
    [X] Analyser le secteur de boot
    [X] Processus mémoire
    [ ] Analyser les archives
    [X] Analyser les fichiers enpaquetés
    [X] Analyser la messagerie

    Masque fichiers
    [ ] Programmes
    [X] Tous les fichiers
    [ ] Extensions définies par l'utilisateur:
    [ ] Exclure les extensions: ;

    Action

    Objets infectés
    [ ] Ignorer
    [X] Désinfecter
    [ ] Effacer
    [ ] Mettre en quarantaine
    [ ] Demander l'action

    Seconde action
    [ ] Ignorer
    [ ] Effacer
    [X] Mettre en quarantaine
    [ ] Demander l'action

    Options d'analyse
    [X] Activer les alertes
    [ ] Activer l'heuristique
    [ ] Afficher tous les fichiers dans le journal
    [X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1214133598.log

    Options d'analyse Spyware

    [X] Analyse contre les risques non-viraux
    [ ] Ecarter de l'analyse les dialers et les applications
    [X] Clés de registres
    [X] Cookies


    Résumé:

    <System>=>C:\Documents and Settings\Yoy\Cookies\yoy@www.w-w-w-dot-com[2].txt Détecté: Cookie.Com.com
    <System>=>C:\Documents and Settings\Yoy\Cookies\yoy@www.w-w-w-dot-com[2].txt Effacé
    <System> Recompression des archives réussie
    <System>=>C:\Documents and Settings\Yoy\Cookies\yoy@elle.solution.weborama[1].txt Détecté: Cookie.Weborama
    <System>=>C:\Documents and Settings\Yoy\Cookies\yoy@elle.solution.weborama[1].txt Effacé
    <System> Recompression des archives réussie
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00F22442.exe=>(Quarantine-2) Détecté: Adware.Gator.C
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00F22442.exe=>(Quarantine-2) Effacé
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B0E687E.exe=>(Quarantine-2) Infecté: Trojan.Zlob.1330
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B0E687E.exe=>(Quarantine-2) Désinfection impossible
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B0E687E.exe Déplacé
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B690019.exe=>(Quarantine-2) Infecté: Trojan.Zlob.1330
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B690019.exe=>(Quarantine-2) Désinfection impossible
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B690019.exe Déplacé
    C:\QooBox\Quarantine\C\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe.vir Détecté: Adware.Zango.SC
    C:\QooBox\Quarantine\C\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe.vir Effacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP356\A0104103.dll Détecté: Adware.Zango.AN
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP356\A0104103.dll Effacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP365\A0109307.exe Détecté: Adware.Zango.SC
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP365\A0109307.exe Effacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP371\A0115911.exe Détecté: Adware.Zango.SC
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP371\A0115911.exe Effacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP385\A0133577.exe Détecté: Adware.Zango.SC
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP385\A0133577.exe Effacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134607.exe=>(Quarantine-2) Détecté: Adware.Gator.C
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134607.exe=>(Quarantine-2) Effacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134608.exe=>(Quarantine-2) Infecté: Trojan.Zlob.1330
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134608.exe=>(Quarantine-2) Désinfection impossible
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134608.exe Déplacé
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134609.exe=>(Quarantine-2) Infecté: Trojan.Zlob.1330
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134609.exe=>(Quarantine-2) Désinfection impossible
    C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP387\A0134609.exe Déplacé
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 22/06/2008 15:55:59  
    Voter pour ce message
    bonjour, ton PC est propre :super:

  • Suppression des outils :

    Télécharge ToolsCleaner sur ton bureau.
    http://www.commentcamarche.net/telecharger/toolscleaner-34055291-avis-opinion(...)

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
    Tutorial ici : http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm

  • Supprime tous les rapports qui sont apparus lors des divers scans
  • Edite ton premier post avec < inclued picture > et mets [resolu] devant le titre de ton sujet.

  • Voici quelques liens pour des conseils en sécurité :

    Mon site Web sur la sécurité informatique !
    Comment protéger son PC pour éviter d'être infecté ?

    < inclued picture >

    Prends le temps de les lire car elles sont très enréchissantes.

  • Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapporte ton infection :
    - Voir les règles de Malware-Complaints
    - Enregistre sur le forum à partir du bouton register en haut :
    Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
    Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age

    Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)

    Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10

    au plaisir et bon dimanche :hello:
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    • yoyo6464
      
       
          ?   @     Posté le 23/06/2008 12:57:13  
    Voter pour ce message
    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Yoy\Bureau\bordel\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Yoy\Bureau\bordel\ComboFix.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Yoy\Bureau\bordel\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Yoy\Bureau\bordel\ComboFix.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    yoyo6464
      
       
          ?   @     Posté le 23/06/2008 13:05:35  
    Voter pour ce message
    mon pc chauffe toujours et je peu plu le mettre en veille et il est lent aussi que dois-je faire?
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 23/06/2008 13:17:10  
    Voter pour ce message
    Télécharge et installe CCleaner
    Guide d'utilisation de CCleaner : http://www.site-naheulbeuk.com/ccleaner.php

    Note : Lors de l'installation, sur l'écran "Options d'installation", décocher la case située devant "Ajouter la barre d'outils Yahoo! CCleaner"

    Lance CCleaner puis bouton Analyse ensuite Bouton Lancer le Nettoyage

    et post moi un nouveau rapport hijackthis ensuite stp :p
    -->Message édité par naheulbeuk le 23/06/2008 13:17:46<--
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    yoyo6464
      
       
          ?   @     Posté le 23/06/2008 19:39:39  
    Voter pour ce message
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:44, on 23/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\PowerS.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\PV-CX881PL+\TVRMVCR.EXE
    C:\Program Files\PV-CX881PL+\TVSCHL.EXE
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\