Pricha

  1. Thank you for your speed. Here are the logs. Everything seems to be cleaned!
  2. Hello, for the past few days, every time I launch Firefox or open a new tab, a second Firefox window opens, usually on a shopping site such as PriceMinister or Pixmania. It is annoying, without being serious, I think. Here is my HijackThis log. What do you think? Thanks. Pascal
  3. Are these two items "string values" or "binary values", or actually "Dword32"? [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuMFUprogramsList"= 1 (0x1) "HideSCAVolume"= 1 (0x1) I have made the string additions and I am going to reboot to see the change... There: I did disable UAC, but I don't know whether the other strings have been restored. See you later.
  4. Phew, thanks! But which key(s) must I modify for UAC and for blocking programs at startup? Is the Explorer crash linked to the modification/deletion of the other keys? Which ones, then? I want to thank you for what you do, but I would like a middle ground between total security and being open to the four winds...
  5. GRRRRRR!!! It is all very well to have helped me clean up, but apparently it went too far:
     - when I close an Explorer window, it crashes and restarts
     - I can no longer launch certain executables, notably self-extracting archives
     - everything is "locked" and I have to ask Mr. Bill Gates for permission every time I want to go pee!!!
     Is it possible to go back, perhaps at the expense of a little security? Thanks
  6. Operation done. Everything seems OK, but I would like to disable UAC (at my own risk) and apparently I no longer can... ComboFix deleted keys from the registry. Is it therefore its fault that I no longer have control? How can I get some of them back, notably the blocking of programs at startup (tweakVI)? Thanks
  7. OK, I will do it and reply quickly. Thanks.
  8. Thanks! Everything went well and ComboFix cleaned up what was left, notably the .ini files associated with the .dll files (I hadn't thought of that). I hope that this time I am rid of this junk for good! That will teach me to run unknown programs! Here is the report:
User{A4170864-1EE3-4B98-BEAF-FA83351A6B53}C:\program files\maxima-5.9.3\bin\xmaxima.exe"= TCP:C:\program files\maxima-5.9.3\bin\xmaxima.exe:TclKit = Tcl + IncrTcl + Tk + MetaKit|Desc=TclKit = Tcl + IncrTcl + Tk + MetaKit "TCP Query User{3F61A7A6-E082-4B3F-B6B7-EAE90DA0F20A}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer "UDP Query User{44D41EB1-CE40-43B9-964A-24B9E8B79AC7}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer "TCP Query User{136D2552-A438-4D9A-95D4-FC4504EA3EF3}C:\program files\windows sidebar\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows|Desc=Volet Windows "UDP Query User{BBBC2CCA-C96E-499D-A75D-E89712F00C6F}C:\program files\windows sidebar\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows|Desc=Volet Windows "{F9A2EAE1-699C-4B10-B622-1EB778BD20F9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{455DD3C3-5A01-4A66-9A9E-2A22EEA707EB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{25BF7598-88EA-41A0-9504-119D2F26480E}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "{7E745EAC-C657-48B8-AFA9-8328E4993066}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "TCP Query User{DB3A8415-4025-42E2-9C31-27E46F97F623}C:\program files\freeplayer\vlc\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player "UDP Query User{2B4576F7-23D1-44C9-BC01-2003727DE9F9}C:\program files\freeplayer\vlc\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player "{66BF7EAC-189E-4BCD-908C-F8EBB0693FEF}"= UDP:30028|%ProgramFiles%\Shareaza\Shareaza.exe:shareaza 
"{50D7414E-EB37-4D11-8680-06F42B103DA0}"= TCP:30028|%ProgramFiles%\Shareaza\Shareaza.exe:shareaza "TCP Query User{7FF1E52F-F0AC-4ADD-9A16-2A9F6E1EE4AB}C:\program files\edonkey2000\edonkey2000.exe"= UDP:C:\program files\edonkey2000\edonkey2000.exe:edonkey2000|Desc=edonkey2000 "UDP Query User{0610446D-D389-4263-9F05-86D47525740B}C:\program files\edonkey2000\edonkey2000.exe"= TCP:C:\program files\edonkey2000\edonkey2000.exe:edonkey2000|Desc=edonkey2000 "{915695BD-5AA3-4272-B955-49E8E2511019}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD|Desc=CyberLink PowerDVD "TCP Query User{AAB313E4-671D-4305-80E0-3B5E1FE4A8F5}C:\program files\freeplayer\vlc\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player "UDP Query User{413CDC72-A352-4E29-AE3B-CA9707DB25B1}C:\program files\freeplayer\vlc\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player "TCP Query User{A7CD3841-35E4-4B31-A16E-D9E27469903D}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza "UDP Query User{1B701A23-5E88-4F72-A43C-559A62B0C207}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza "{2D3BCF7A-FE24-4D8B-BCD3-03FB9C5D113C}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "{A679D7A4-D386-4391-9480-FC425DA868BF}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "TCP Query User{08783A54-02CE-4B30-B7CA-B32A3E0609D1}C:\program files\homeplayer1.5.2\vlc\vlc.exe"= UDP:C:\program files\homeplayer1.5.2\vlc\vlc.exe:VLC media player|Desc=VLC media player "UDP Query User{8E981C55-F798-41D4-A82C-C21AD38AD6B3}C:\program files\homeplayer1.5.2\vlc\vlc.exe"= TCP:C:\program files\homeplayer1.5.2\vlc\vlc.exe:VLC media player|Desc=VLC media player "TCP Query User{838D8968-A0D9-4E9E-9ECF-A87E30BD69F9}C:\program files\mozilla 
firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox "UDP Query User{B4D408FA-9FF2-4C4B-AD90-EA116CDBA899}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox "{A846497F-5386-4E1F-81DF-F3F58E36CD62}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{B717EAA5-828D-4D8E-AA7F-7249DF883CD5}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{09785CCF-5633-4AA5-9466-7EE5E487932E}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{3F82143C-FD20-4BB5-AA61-232B37C31D04}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "TCP Query User{302AA903-E241-468D-8F35-ECE8923B0F29}C:\program files\oovoo\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo|Desc=ooVoo "UDP Query User{83BDD4F9-4666-4500-9B71-36CF4D01300D}C:\program files\oovoo\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo|Desc=ooVoo "{D50E51A4-15E8-4D9F-A9F5-E2F4BBE4C4AF}"= UDP:443:TCP port 443 ooVoo "{9295367E-708B-4B6A-9CB0-420B25A0BF1E}"= TCP:443:UDP port 443 ooVoo "{4CC11CE8-8AD2-4771-A840-1FF80030380D}"= UDP:37674:TCP port 37674 ooVoo "{CE9DD210-C71C-4D6D-95E2-08D214036540}"= TCP:37674:UDP port 37674 ooVoo "{1C5B5A2A-2C81-421E-AF46-275D32072BE6}"= TCP:37675:UDP port 37675 ooVoo "{20A748B2-50AC-4F9D-AAD5-470DEF38599E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];C:\Windows\system32\drivers\Sleen16.sys [2007-10-11 12:24] R2 
{95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51] R2 gw6c;Hexago Gateway6 Client;C:\Program Files\Hexago\Gateway6 Client\gw6c.exe [2007-12-20 04:02] R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys [2002-11-27 13:40] R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08] R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11] R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;C:\Windows\system32\DRIVERS\hextun.sys [2007-12-20 04:02] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] S3 ICAM3NT5;Intel USB Video Camera III;C:\Windows\system32\Drivers\Icam3.sys [2001-08-17 20:05] S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2007-11-14 16:20] S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18:20] S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32] S3 UKS11LDR;M-Audio USB Keystation Loader;C:\Windows\system32\drivers\uks11ldr.sys [2007-11-14 16:20] S3 ultradfg;ultradfg;C:\Windows\system32\DRIVERS\ultradfg.sys [2007-10-08 10:54] S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 18:50] S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-02-14 18:41] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs 
REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \shell\AutoRun\command - setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \shell\AutoRun\command - setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c249dc8-23b1-11dc-8043-00a0d1686e37}] \shell\AutoRun\command - setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a6048d5-1de9-11dc-ac08-806e6f6e6963}] \shell\AutoRun\command - O:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5880f1-21ac-11dc-b147-00a0d1686e37}] \shell\AutoRun\command - D:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-13 21:26:20 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-14 10:19:14 Windows 6.0.6000 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549] -> C:\Program Files\Unlocker\UnlockerHook.dll -> C:\Windows\system32\RFHelper.dll . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PSIService.exe
C:\Windows\system32\SatSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Invisible Secrets 4\invtray.exe
C:\Windows\System32\snmptrap.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-14 10:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 09:24:47
.
2008-03-14 08:19:43 --- E O F ---

There you go! Thanks for all the help. In case anything is still left, I will come and take a look at the forum from time to time, if only to offer my help to someone. @++
  9. Good evening (or rather good morning, given the hour). Getting nowhere with the tools for removing this "junk", I opted for the Console. Vista offers to repair the computer after you press F8 right after the machine boots. You then have to choose "Command Prompt". You land on a virtual disk, X:\windows\system32, which is misleading. I went to C:\windows\system32 in DOS mode. I listed all the DLLs (dir a*.dll...dir b*.dll...up to z*.dll) that carried today's date (this evening's infection) and deleted them (del vilaine.dll, for example). Once this work was done (tedious, given the amount of junk present...), I rebooted in safe mode and ran HJT. A dozen "02 BHO" entries were present with "file missing", including the infamous wvuvw.dll, gone at last. Fixed everything, re-scanned and rebooted. Apparently no more problems, except for one DLL (vjbdkutc.dll) that Windows apparently needed... but which does not seem to interfere with the system running properly. Would you know whether these DLLs are installed by a program still present on the PC, and how to find it? Thanks again for the console advice, but not everyone can explore windoz without risk!
Here is my latest HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:06, on 14/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\NetDrive\NetDrive.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe
C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe
C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\TweakVI\TweakVI.exe
C:\Program Files\Invisible Secrets 4\invtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.google.fr/ig?hl=fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: 
[Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" O4 - HKLM\..\Run: [sSS2008 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe" O4 - HKLM\..\Run: [sSS2008 HotKeys] "C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [sSS2008 File Redirection Starter] "C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [d8896d01] rundll32.exe "C:\Windows\system32\vjbdkutc.dll",b O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart O4 - HKCU\..\Run: [invisible Secrets 4] C:\PROGRA~1\INVISI~1\invtray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - 
Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - 
C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191916749686 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6CEDBA-57DD-4271-99E4-D6A954F70210}: NameServer = 212.27.54.252,212.27.53.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
-- End of file - 12183 bytes

Are there still any suspicious things? Thanks and see you soon
  10. Post of 13 March. This morning, a major infection. Rebooted in safe mode (because no more icons or folders on the desktop!!!). HJT in action and removal of numerous 02 BHO entries. Only one resists (wvuvw.dll): untouchable, undeletable, a real piece of junk. Nod32 found two infections (worm and Trojan) and SpyBot found three (including Virtumonde... junk too). Every time I launch Explorer (by opening a folder), a BHO tries to add itself, but it is blocked by SpyBot's TeaTimer, and sometimes Explorer crashes... Here is my report, after cleaning.

Nod32
C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A06IHEJX\hctp[1] - Win32/Adware.Virtumonde application - nettoyé par suppression - mis en quarantaine [1]
C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMVSO7QD\setup_fr[1].cab » CAB » UGESV_0001_N122M0303NetInstaller.exe - une variante de Win32/Adware.WinFixer application - faisait partie de l'objet supprimé

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:44, on 13/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ecls.exe
E:\Downloads\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll
O2 - 
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5D1EEB25-7FBD-4364-A7B2-59AF89B182DD} - C:\Windows\system32\wvuvw.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe 
Photoshop Lightroom 1.1\apdproxy.exe" O4 - HKLM\..\Run: [sSS2008 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe" O4 - HKLM\..\Run: [sSS2008 HotKeys] "C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [sSS2008 File Redirection Starter] "C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart O4 - HKCU\..\Run: [invisible Secrets 4] C:\PROGRA~1\INVISI~1\invtray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta 
Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191916749686 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6CEDBA-57DD-4271-99E4-D6A954F70210}: NameServer = 212.27.54.252,212.27.53.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe -- End of file - 10805 bytes I don't know what else to do... Thanks for the help...
  11. I'll do all that and keep you posted. Thanks
  12. Thanks for all the help. Kaspersky did find two infections and offered me the product for purchase to clean them (I could have just tried it...), but I preferred to uninstall Avast (too full of holes!) and install a trial version of Nod32, which had been recommended to me. Nod32 did find the two culprits and eradicated them. Below is an excerpt of the cleaning report with the two offending lines: C:\Users\Pascal\AppData\Local\Temp\removalfile.bat - Win32/Adware.Virtumonde application - nettoyé par suppression - mis en quarantaine [1] C:\Windows\System32\messenger.exe - une variante probable de Win32/Rbot cheval de troie - nettoyé par suppression - mis en quarantaine [1] Nombre d'objets analysés : 591008 Nombre de menaces détectées : 2 Heure d'achèvement : 21:01:04 Temps d'analyse total : 5125 sec. (01:25:25) Notes : [1] L'objet a été supprimé car il ne contenait que le corps du virus. [4] L'objet ne peut pas être ouvert. Il est peut-être utilisé par une autre application ou le système d'exploitation. 
After a final HJT scan, here is its report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:44:24, on 11/03/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\NetDrive\NetDrive.exe C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Eraser\eraser.exe C:\Program Files\TweakVI\TweakVI.exe C:\Program Files\Invisible Secrets 4\invtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\NewsLeecher\newsLeecher.exe C:\Program Files\Mozilla Firefox\firefox.exe 
E:\Downloads\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: 
[Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sSS2008 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe" O4 - HKLM\..\Run: [sSS2008 HotKeys] "C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [sSS2008 File Redirection Starter] "C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart O4 - HKCU\..\Run: [invisible Secrets 4] C:\PROGRA~1\INVISI~1\invtray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU') O4 - Global Startup: HP 
Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Run 
WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191916749686 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6CEDBA-57DD-4271-99E4-D6A954F70210}: NameServer = 212.27.54.252,212.27.53.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe 
Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe -- End of file - 12751 bytes Apparently everything looks OK, but could you take a look at it? Thanks, and good luck
  13. Hello, Vundofix download ==> OK, Vundofix run ==> OK, but it found nothing. Current HJT (normal mode): Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:29:29, on 10/03/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\NetDrive\NetDrive.exe C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Eraser\eraser.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\TweakVI\TweakVI.exe C:\Program Files\Invisible Secrets 4\invtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common 
Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE C:\Program Files\ooVoo\ooVoo.exe C:\Windows\system32\rundll32.exe C:\Program Files\HomePlayer1.5.2\VLC\vlc.exe E:\Downloads\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program 
Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sSS2008 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe" O4 - HKLM\..\Run: [sSS2008 HotKeys] "C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [sSS2008 File Redirection Starter] "C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [Eraser] C:\Program 
Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart O4 - HKCU\..\Run: [invisible Secrets 4] C:\PROGRA~1\INVISI~1\invtray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: 
Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191916749686
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6CEDBA-57DD-4271-99E4-D6A954F70210}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
--
End of file - 13244 bytes

Spybot (Tea Timer) tells me that a BHO is trying to modify the registry. I block this action, but it keeps recurring. {D68A68C6-6438-4429-942F-330D758102A6} Thanks for the help
  14. Unable to delete c:\windows\system32\wvuvw.dll (Trojan Vundo?) Here is my HJT scan. Can you help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:21, on 09/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
E:\Downloads\HiJackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {389EE283-0EFE-4A36-B060-0B79BFC552BC} - C:\Windows\system32\wvuvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sSS2008 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe"
O4 - HKLM\..\Run: [sSS2008 HotKeys] "C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [sSS2008 File Redirection Starter] "C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart
O4 - HKCU\..\Run: [invisible Secrets 4] C:\PROGRA~1\INVISI~1\invtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191916749686
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6CEDBA-57DD-4271-99E4-D6A954F70210}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hexago Gateway6 Client (gw6c) - Hexago, Inc. - C:\Program Files\Hexago\Gateway6 Client\gw6c.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
--
End of file - 12418 bytes