banz

rapport de hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:22:42, on 15/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\WINDOWS\system32\rmctrl.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\WService.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto O4 - HKLM\..\Run: [WService] WService.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (User 'SYSTEM') O4 - .DEFAULT Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (User 'Default user') O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\dinekega.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE -- End of file - 6913 bytes tout est ok??

merci pour la reponse très rapide. voici le rapport: il y a avait plus de 40 fichiers infectés... Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2137 Windows 5.1.2600 Service Pack 2 15/05/2009 21:02:16 mbam-log-2009-05-15 (21-02-16).txt Type de recherche: Examen rapide Eléments examinés: 77389 Temps écoulé: 7 minute(s), 56 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 11 Valeur(s) du Registre infectée(s): 8 Elément(s) de données du Registre infecté(s): 10 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\jowomema.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\vijobaje.dll (Trojan.Vundo.H) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d97ab31-ff9e-4320-b30b-1298709c23c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3d97ab31-ff9e-4320-b30b-1298709c23c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50d650d6 (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm53e5634a (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hekutedaze (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vijobaje.dll -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\Administrateur\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\antispy (Rogue.AntiSpy) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\jowomema.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\amemowoj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. c:\WINDOWS\system32\vijobaje.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\Administrateur\Local Settings\Temp\coaxrmnews.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\sowrmxaenc.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Application Data\ptidle\ptidle.exe27q (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\antispy\xp-AntiSpy.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully. merci, j'attends la suite

autre precision que j'ai oubliée dans le post précedent: Je n'ai plus accès à l'image de fond de mon bureau. Celle-ci a été remplacée par un fichier nommé "ahtn" avec le logo firefox, et je n'ai pas la possibilité d'en choisir une autre (les option sont grisées.) Merci

Bonjour, En debut d'apres midi je pense avoir été victime d'un virus... Mon fond d'écran a été remplacé par un fond d'écran noir avec écrit "Warning (clignotant) Dangerous spyware (en jaune)" et un court paragraphe en dessous signalant la présence de virus. Il y a également une icône qui était apparue dans la barre des tâches : une croix blanche dans un rond rouge avec un message "Warning security report : your computer is infected ! It is recommanded to start spyware cleaner tool" et qui est parti Une page internet s'ouvre intempestivement, surement un pop de la page Antivirus-XP-Pro-2009.com je n'avais plus acces au gestionnaire des taches, je l'ai recupere en faisait une manip avec Vilma registry. voila le log effectué avec DDS: DDS (Ver_09-05-14.01) - NTFSx86 Run by Administrateur at 19:58:18,96 on 15/05/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.471 [GMT 2:00] AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\rmctrl.exe C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\WService.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\FxGaobot.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Administrateur\Bureau\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: {3d97ab31-ff9e-4320-b30b-1298709c23c5} - c:\windows\system32\kopusohu.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [RemoteControl] c:\windows\system32\rmctrl.exe mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe" mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto mRun: [WService] WService.EXE mRun: [soundMan] SOUNDMAN.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [WinSys2] c:\windows\system32\winsys2.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [prnet] "c:\windows\system32\prnet.tmp" mRun: [50d650d6] rundll32.exe "c:\windows\system32\jowomema.dll",b mRun: [CPM53e5634a] Rundll32.exe "c:\windows\system32\vijobaje.dll",a mRun: [net] "c:\windows\system32\net.net" mRun: [Framework Windows] frmwrk32.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [hekutedaze] Rundll32.exe "c:\windows\system32\fejolave.dll",s dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\admini~1\menudm~1\progra~1\dmarra~1\palmon~1.lnk - c:\program files\palmone\register.exe StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\assist~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE uPolicies-explorer: NoSetActiveDesktop = 1 (0x1) uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) uPolicies-system: <NO NAME> = 0 mPolicies-explorer: NoSetActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) dPolicies-explorer: NoSetActiveDesktop = 1 (0x1) dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) dPolicies-system: DisableTaskMgr = 1 (0x1) IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000 IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll Notify: avgrsstarter - avgrsstx.dll AppInit_DLLs: c:\windows\system32\dinekega.dll c:\windows\system32\vijobaje.dll SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vijobaje.dll STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vijobaje.dll LSA: Notification Packages = scecli c:\windows\system32\dinekega.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\wbjr0le2.default\ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\wbjr0le2.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-15 12552] R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888] R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-15 325896] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-15 27784] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-15 108552] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-15 298776] S2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360] S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-3-29 134912] S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [2008-1-18 42420] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-3-15 216232] S4 Av1080ser;Av1080ser; [x] =============== Created Last 30 ================ 2009-05-15 19:43 <DIR> --d----- c:\program files\Vilma 2009-05-15 13:32 <DIR> --d-h--- C:\$AVG8.VAULT$ 2009-05-15 13:31 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys 2009-05-15 13:31 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-15 13:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-05-15 13:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-05-15 13:31 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-05-15 13:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2009-05-15 13:09 1 a------- c:\windows\system32\uniq.tll 2009-05-15 12:59 1,641,124 ---sh--- c:\windows\system32\amemowoj.ini 2009-05-15 12:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\ptidle ==================== Find3M ==================== 2009-05-15 12:59 87,552 a--sh--- c:\windows\system32\vijobaje.dll 2009-05-15 12:59 80,384 a--sh--- c:\windows\system32\jowomema.dll 2009-04-18 09:00 470,828 a------- c:\windows\system32\perfh00C.dat 2009-04-18 09:00 76,144 a------- c:\windows\system32\perfc00C.dat 2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-06 16:46 286,208 a------- c:\windows\system32\pdh.dll 2009-02-20 10:31 663,552 a------- c:\windows\system32\wininet.dll 2009-02-20 10:31 81,920 a------- c:\windows\system32\ieencode.dll ============= FINISH: 19:59:06,65 =============== merci de bien vouloir m'aider. bien à vous, Banz