Virus Dialer aide pour log hijackthis

Question

Salut monpc est infecter par un dialer j orai besoin d aide pour le log hijackthisLogfile of HijackThis v1.99.1Scan saved at 11:34:20, on 18/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exec:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exeC:\Program Files\ewido anti-spyware 4.0\guard.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Apps\Powercinema\PCMService.exeC:\apps\ABoard\ABoard.exeC:\apps\ABoard\AOSD.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Macrogaming\SweetIM\SweetIM.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard BellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: (no name) - {D68E1862-17C3-41D5-8055-39EE9D886730} - C:\WINDOWS\system32\vtsts.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /wO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htmO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dllO20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exeO23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exemerci d avancea+

Regis59 · Answer

Salut;Télécharge VirtumundoBegone sur le bureau:http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exeDouble clique ensuite sur VirtumundoBeGone.exe et suis les instructions. Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis. Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.

jojo · Answer

voila le rapport de virtumundo:[07/18/2006, 12:32:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jordan\Bureau\VirtumundoBeGone.exe" )[07/18/2006, 12:32:41] - Detected System Information:[07/18/2006, 12:32:41] -  Windows Version: 5.1.2600, Service Pack 2[07/18/2006, 12:32:41] -  Current Username: Jordan (Admin)[07/18/2006, 12:32:41] -  Windows is in NORMAL mode.[07/18/2006, 12:32:41] - Searching for Browser Helper Objects:[07/18/2006, 12:32:41] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)[07/18/2006, 12:32:41] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[07/18/2006, 12:32:41] -  BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)[07/18/2006, 12:32:41] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()[07/18/2006, 12:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.[07/18/2006, 12:32:41] -  Checking for HKLM\...\Winlogon\Notify\SDHelper[07/18/2006, 12:32:41] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.[07/18/2006, 12:32:41] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)[07/18/2006, 12:32:41] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)[07/18/2006, 12:32:41] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)[07/18/2006, 12:32:41] -  BHO 8: {D68E1862-17C3-41D5-8055-39EE9D886730} ()[07/18/2006, 12:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.[07/18/2006, 12:32:41] -  Checking for HKLM\...\Winlogon\Notify\vtsts[07/18/2006, 12:32:41] -  Found: HKLM\...\Winlogon\Notify\vtsts - This is probably Virtumundo.[07/18/2006, 12:32:41] -  Assigning {D68E1862-17C3-41D5-8055-39EE9D886730} MSEvents Object[07/18/2006, 12:32:41] - BHO list has been changed! Starting over...[07/18/2006, 12:32:41] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)[07/18/2006, 12:32:41] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[07/18/2006, 12:32:41] -  BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)[07/18/2006, 12:32:41] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()[07/18/2006, 12:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.[07/18/2006, 12:32:41] -  Checking for HKLM\...\Winlogon\Notify\SDHelper[07/18/2006, 12:32:41] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.[07/18/2006, 12:32:41] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)[07/18/2006, 12:32:41] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)[07/18/2006, 12:32:41] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)[07/18/2006, 12:32:41] -  BHO 8: {D68E1862-17C3-41D5-8055-39EE9D886730} (MSEvents Object)[07/18/2006, 12:32:42] - ALERT: Found MSEvents Object![07/18/2006, 12:32:42] -  BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)[07/18/2006, 12:32:42] - Finished Searching Browser Helper Objects[07/18/2006, 12:32:42] - *** Detected MSEvents Object[07/18/2006, 12:32:42] - Trying to remove MSEvents Object...[07/18/2006, 12:32:43] -    Terminating Process: IEXPLORE.EXE[07/18/2006, 12:32:43] -    Terminating Process: RUNDLL32.EXE[07/18/2006, 12:32:43] -    Disabling Automatic Shell Restart[07/18/2006, 12:32:43] -    Terminating Process: EXPLORER.EXE[07/18/2006, 12:32:44] -    Suspending the NT Session Manager System Service[07/18/2006, 12:32:44] -    Terminating Windows NT Logon/Logoff Manager[07/18/2006, 12:37:46] -    Re-enabling Automatic Shell Restart[07/18/2006, 12:37:46] -   File to disable: C:\WINDOWS\system32\vtsts.dll[07/18/2006, 12:37:46] -  Renaming C:\WINDOWS\system32\vtsts.dll -> C:\WINDOWS\system32\vtsts.dll.vir[07/18/2006, 12:37:46] -  File successfully renamed![07/18/2006, 12:37:46] -   Removing HKLM\...\Browser Helper Objects\{D68E1862-17C3-41D5-8055-39EE9D886730}[07/18/2006, 12:37:46] -   Removing HKCR\CLSID\{D68E1862-17C3-41D5-8055-39EE9D886730}[07/18/2006, 12:37:46] -   Adding Kill Bit for ActiveX for GUID: {D68E1862-17C3-41D5-8055-39EE9D886730}[07/18/2006, 12:37:46] -   Deleting ATLEvents/MSEvents Registry entries[07/18/2006, 12:37:46] -   Removing HKLM\...\Winlogon\Notify\vtsts[07/18/2006, 12:37:46] - Searching for Browser Helper Objects:[07/18/2006, 12:37:46] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)[07/18/2006, 12:37:46] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[07/18/2006, 12:37:46] -  BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)[07/18/2006, 12:37:46] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()[07/18/2006, 12:37:46] - WARNING: BHO has no default name. Checking for Winlogon reference.[07/18/2006, 12:37:46] -  Checking for HKLM\...\Winlogon\Notify\SDHelper[07/18/2006, 12:37:46] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.[07/18/2006, 12:37:46] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)[07/18/2006, 12:37:46] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)[07/18/2006, 12:37:46] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)[07/18/2006, 12:37:46] -  BHO 8: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)[07/18/2006, 12:37:46] - Finished Searching Browser Helper Objects[07/18/2006, 12:37:46] - Finishing up...[07/18/2006, 12:37:46] - A restart is needed.[07/18/2006, 12:37:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.[07/18/2006, 12:38:31] - Attempting to Restart via STOP error (Blue Screen!)[07/18/2006, 12:42:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jordan\Bureau\VirtumundoBeGone.exe" )[07/18/2006, 12:43:07] - Detected System Information:[07/18/2006, 12:43:07] -  Windows Version: 5.1.2600, Service Pack 2[07/18/2006, 12:43:07] -  Current Username: Jordan (Admin)[07/18/2006, 12:43:07] -  Windows is in NORMAL mode.[07/18/2006, 12:43:07] - Searching for Browser Helper Objects:[07/18/2006, 12:43:07] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)[07/18/2006, 12:43:07] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[07/18/2006, 12:43:07] -  BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)[07/18/2006, 12:43:07] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()[07/18/2006, 12:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.[07/18/2006, 12:43:07] -  Checking for HKLM\...\Winlogon\Notify\SDHelper[07/18/2006, 12:43:07] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.[07/18/2006, 12:43:07] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)[07/18/2006, 12:43:07] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)[07/18/2006, 12:43:07] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)[07/18/2006, 12:43:07] -  BHO 8: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)[07/18/2006, 12:43:07] - Finished Searching Browser Helper Objects[07/18/2006, 12:43:07] - Finishing up...[07/18/2006, 12:43:07] - Nothing found! Exiting...et le rapport de hijackthis:Logfile of HijackThis v1.99.1Scan saved at 12:47:19, on 18/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEc:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Apps\Powercinema\PCMService.exeC:\apps\ABoard\ABoard.exeC:\apps\ABoard\AOSD.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Macrogaming\SweetIM\SweetIM.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\TEMP\win47.tmp.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard BellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /wO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htmO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exeO23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exemerci a+

jojo · Answer

l ecran bleu avec erreur fatale je l ai pa vu

Regis59 · Answer

Bonjour, Méthode à suivre dans l'ordre... ---------------------------------------------------------------------------- ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite: 1/Spybot S&D 1.4 https://www.safer-networking.org/ Démo d’utilisation (merci à Balltrap34 pour cette réalisation).http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm2/Ad-Aware SE 1.06 https://www.adaware.com/ -Une aide:http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc - installe le patch français, tu pourras le trouver ici: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).http://pageperso.aol.fr/balltrap34/adawrevid.asf 3/ Ewido: http://perso.orange.fr/entraide-hijackthis/Ewido/  Installation puis mises à jour. 4/ Ccleaner :https://www.pcastuces.com/logitheque/ccleaner.htm ---------------------------------------------------------------------------- ¤Affiche tous les fichiers et dossiers : Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage Coche « afficher les fichiers et dossiers cachés » Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décoche « masquer les extensions dont le type est connu » Puis fais «Ok» pour valider les changements. Et appliquer !---------------------------------------------------------------------------- ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exe ---------------------------------------------------------------------------- ¤Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------¤Recherche et supprime ceci: attention seulement les fichiers  (si présents).C:\WINDOWS\system32
vsvcd.exe C:\WINDOWS\system\smss.exe  ----------------------------------------------------------------------------¤Arrête ces services :Clique sur Démarrer->exécuter->tape: services.msc Double-clique: Service:  Windows Log Règle-le sur "Arrêté" et "Désactivé". ----------------------------------------------------------------------------¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.----------------------------------------------------------------------------¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…----------------------------------------------------------------------------¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…-------------------------------------------------------------------------------------------¤ Lance CCleaner.  Suppression des fichiers temporairesVa dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)•	Clique sur Analyse•	Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.•	Une fois le scan terminé, clique sur Lancer le Nettoyage Suppression des incohérence du registre•	Clique sur l'icône Erreurs situés dans la marge à gauche.•	Puis clique sur Analyser les erreurs•	Patiente pendant que CCleaner scan ton registre.•	Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.•	Tu peux cliquer ensuite sur Corriger les erreurs.Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement----------------------------------------------------------------------------¤ Vide ta Corbeille.----------------------------------------------------------------------------¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.Précise tes soucis s’il en reste.... Tiens-moi au courant  A+

jojo · Answer

salut et merci mais je n ai pa reusssi a avoir le raport d ewido car il arete le scan avant la fin ( il me mettai reste 5 min et 10 sec apre plu rien)je n ai pa reussi a supprimer  C:\windows\system\smss.exe (il m a refuser l acce) mai j ai kan mm le log de hijackthis:Logfile of HijackThis v1.99.1Scan saved at 16:15:14, on 19/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exec:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Apps\Powercinema\PCMService.exeC:\apps\ABoard\ABoard.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\apps\ABoard\AOSD.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Macrogaming\SweetIM\SweetIM.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\TEMP\win5.tmp.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard BellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htmO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exemerci de m aiderA+

Regis59 · Answer

SalutRend toi sur ce site :http://www.virustotal.com/xhtml/virustotal_en.html Clik sur parcourirRecherche ceci :C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dllClik send et colle le rapport stpA+

jojo · Answer

re vla:Antivirus	Version	Update	ResultAntiVir	6.35.0.21	07.19.2006	TR/SweetieAuthentium	4.93.8	07.18.2006	no virus foundAvast	4.7.844.0	07.19.2006	no virus foundAVG	386	07.18.2006	no virus foundBitDefender	7.2	07.19.2006	no virus foundCAT-QuickHeal	8.00	07.19.2006	no virus foundClamAV	devel-20060426	07.19.2006	no virus foundDrWeb	4.33	07.19.2006	no virus foundeTrust-InoculateIT	23.72.72	07.19.2006	no virus foundeTrust-Vet	12.6.2301	07.19.2006	no virus foundEwido	4.0	07.19.2006	no virus foundFortinet	2.77.0.0	07.19.2006	no virus foundF-Prot	3.16f	07.18.2006	no virus foundF-Prot4	4.2.1.29	07.18.2006	no virus foundIkarus	0.2.65.0	07.19.2006	no virus foundKaspersky	4.0.2.24	07.19.2006	no virus foundMcAfee	4809	07.18.2006	no virus foundMicrosoft	1.1508	07.18.2006	no virus foundNOD32v2	1.1668	07.19.2006	no virus foundNorman	5.90.23	07.19.2006	no virus foundPanda	9.0.0.4	07.19.2006	Suspicious fileSophos	4.07.0	07.19.2006	no virus foundSymantec	8.0	07.19.2006	no virus foundTheHacker	5.9.8.177	07.18.2006	no virus foundUNA	1.83	07.19.2006	no virus foundVBA32	3.11.0	07.19.2006	no virus foundVirusBuster	4.3.7:9	07.18.2006	no virus foundAditional InformationFile size: 552960 bytesMD5: be8a8e331c0ae20676f0776259ffae93SHA1: d35fddac6d54407f4d08fe56cd924cb7d653b82f

Regis59 · Answer

Re,dans ajout suppression de programme, desinstalles ceciMacrogamingPuis supprime ici:C:\Program Files\MacrogamingEt dis moi les soucis qu il te reste?a+

jojo · Answer

je te remercie mai ce n est pa grave si je n ai pa reussi a supprimer C:\WINDOWS\system\smss.exe  ???

Regis59 · Answer

Re,Tu as bien essayé de le supprimer dans: C:\windows\systemCelui situé dans systeme32 lui est sain !A+

jojo · Answer

salutmerci bcp pour ton aide tt a l air de fonctionner normalement!!!   plu de panneau de dialer s affichan o demarage et avast ne me signale plu de virusmci bcp A+ (un jour peut etre ^^)

jojo · Answer

g kan mm une ptite question::est ce que c normal que ewido continue a me signaler un dialer??A+

Regis59 · Answer

SalutNon ce n est pas normal lolLance ewido et copie colle le rapport :-)a++

jojo · Answer

revoila chef^^---------------------------------------------------------ewido anti-spyware - Scan Report--------------------------------------------------------- + Created at:	23:24:39 19/07/2006 + Scan result:	C:\WINDOWS\system32\fccaayw.dll -> Adware.Virtumonde : No action taken.C:\WINDOWS\system32\vtsts.dll.vir -> Adware.Virtumonde : No action taken.:mozilla.12:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.13:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.14:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.15:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.16:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.61:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.62:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.63:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.64:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.65:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.66:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.:mozilla.90:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.2o7 : No action taken.:mozilla.91:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.2o7 : No action taken.:mozilla.96:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.2o7 : No action taken.:mozilla.36:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Adtech : No action taken.:mozilla.37:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Adtech : No action taken.:mozilla.20:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Advertising : No action taken.:mozilla.51:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Advertising : No action taken.:mozilla.105:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.:mozilla.41:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.:mozilla.34:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.:mozilla.50:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.C:\Documents and Settings\Jordan\Cookies\jordan@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.:mozilla.19:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.:mozilla.25:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.:mozilla.26:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.:mozilla.27:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.:mozilla.28:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.:mozilla.34:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Comclick : No action taken.:mozilla.37:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Comclick : No action taken.:mozilla.38:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Comclick : No action taken.:mozilla.82:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.:mozilla.33:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Estat : No action taken.:mozilla.12:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.:mozilla.18:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.:mozilla.20:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.:mozilla.22:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.:mozilla.23:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.:mozilla.24:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.:mozilla.49:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.:mozilla.43:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.:mozilla.10:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.:mozilla.11:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.:mozilla.7:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.:mozilla.8:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.:mozilla.9:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.:mozilla.29:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.:mozilla.30:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.:mozilla.33:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.:mozilla.42:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.:mozilla.43:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.:mozilla.48:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.C:\Documents and Settings\Jordan\Cookies\jordan@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.:mozilla.41:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.:mozilla.47:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.:mozilla.31:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Weborama : No action taken.:mozilla.35:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Weborama : No action taken.:mozilla.36:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Weborama : No action taken.:mozilla.13:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.14:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.15:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.16:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.23:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.24:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.25:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.:mozilla.26:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.C:\AntiVirScan.exe -> Worm.VB.dz : No action taken.C:\bac.exe -> Worm.VB.dz : No action taken.C:\bac2.exe -> Worm.VB.dz : No action taken.::Report endA+

Regis59 · Answer

SalutWahou, il en restait pas mal !!Relance ewido et cette fois supprime tout ce que ewido trouve.a+

jojo · Answer

Reg remarquer que les dialer se deplace toujours dans C:\WINDOWS\TEMP\idd**.temp.exeet ewido ne marche pa tre bien quand je met scan complet il s eteint au bous de 6 min de scan :(A+

Regis59 · Answer

SalutLance ce scan en ligne: http://www.bitdefender.fr/scan8/ie.html  Copie/colle le rapport

jojo · Answer

salut voila g fait le scan :BitDefender Online Scanner	 	 Rapport d'analyse généré à: Thu, Jul 20, 2006 - 14:18:53 	 	 Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;	 	  	 	 StatistiquesTemps	01:44:19Fichiers	490251Directoires	5760Secteurs de boot	3Archives	7822Paquets programmes	40805	 	 RésultatsVirus identifiés	3Fichiers infectés	12Fichiers suspects	0Avertissements	0Désinfectés	0Fichiers effacés	12	 	 Info sur les moteursDéfinition virus	415090Version des moteurs	AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)Analyse des plugins	13Archive des plugins	39Unpack des plugins	5E-mail plugins	6Système plugins	1	 	 Paramètres d'analysePremière action	DésinfectéSeconde Action	SuppriméHeuristique	OuiAcceptez les avertissements	OuiExtensions analysées	*;Excludez les extensions	 Analyse d'emails	OuiAnalyse des Archives	OuiAnalyser paquets programmes	OuiAnalyse des fichiers	OuiAnalyse de boot	Oui	 	  Fichier analysé	 StatutC:\AntiVirScan.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\AntiVirScan.exe	Echec de la désinfectionC:\AntiVirScan.exe	SuppriméC:\bac.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\bac.exe	Echec de la désinfectionC:\bac.exe	SuppriméC:\bac2.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\bac2.exe	Echec de la désinfectionC:\bac2.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP116\A0016634.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP116\A0016634.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP116\A0016634.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017609.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017609.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017609.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017610.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017610.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017610.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017611.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017611.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017611.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)=>iexplorer.exe	Infecté par: Trojan.Clicker.VB.IBC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)=>iexplorer.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)=>iexplorer.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)	Echec de la mise à jourC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP25\A0002988.exe	Infecté par: Trojan.Downloader.NIC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP25\A0002988.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP25\A0002988.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003249.exe	Infecté par: Trojan.Downloader.NIC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003249.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003249.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003250.exe	Infecté par: Trojan.Downloader.NIC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003250.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003250.exe	SuppriméC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP61\A0006809.exe	Infecté par: Worm.P2P.VB.Bacteria.BC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP61\A0006809.exe	Echec de la désinfectionC:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP61\A0006809.exe	Supprimé	 A+

Regis59 · Answer

SalutOu en sont tes soucis?a+

jojo · Answer

sltewido continu a me signaler un dialer.agent.Zet des fois il y a une sorte de sonnerie de telephone et juste apre il ya un panneau disant "connessione imposible....."ca me parrait louche ^^A+

jojo · Answer

le dialer se deplace dans C:\WINDOWS\TEMP\idd**.tmp.exe(il ya que les chiffres apre idd qui changent)

Regis59 · Answer

Salut jojoUtilise ceciClean Up 40:http://pageperso.aol.fr/balltrap34/CleanUp40.exe -aide en image:(merci à Balltrap34). http://pageperso.aol.fr/balltrap34/democleanup.htmPuis dis moi si ils sont toujours laa+

jojo · Answer

saluteh ba apres avoir attendu 20minle message d ewido et encore laA+

Regis59 · Answer

Re,rend toi ici:C:\WINDOWS\TEMP\Selectionne tout grace a la commande ctlr + aClik droit et supprime tout.a+

jojo · Answer

sltg supprime tt ce que je pouvai dans les temp mai il reste 2 dossier que g pa pu supprimer il me disai que je l utilisaij v attendre pour voir si ewido me le signale encore en tt cas merci pour ton aideA+

jojo · Answer

reavec une movaise nouvelle il est encore la A+

jojo · Answer

oups j avai oublier de vider la corbeille dsl ^^A+

jojo · Answer

reencore la :(  a croire qu il m aime bien ^^A+

jojo · Answer

luya un truc que je connai pa que g jamai installerca s appelle smart link 56k modem  il a une petite icone a coter de l heure et quan je reste dessu ya marque COM3est ce que tu sai ce que c ??a+

Regis59 · Answer

SalutCa fait partie de ta connection.---------------------------------------------------------------------------- ¤Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  Et retourne au meme endroit, c est a dire ici:C:\WINDOWS\TEMP\ Supprime TOUT ce qu il y a dedans !Vide ta corbeilleRedemarre ton PC, RETOURNE ICI:C:\WINDOWS\TEMP\ Verifie que c est vide.a+

jojo · Answer

sltil y avait 5 icone de dialer dans les temp en mode sans echec g supprimer tt les dossiermais il y avait un fichier invisible en mode sans echec mais visible en mode normal que je ne pe pa supprimerson nom c "Perflib_Perfdata_7e0.dat"(encore eu un message d ewido me disant qu il ya un dialer)A+

Regis59 · Answer

SalutEssai ceci :https://www.01net.com/telecharger/windows/Utilitaire/cryptage_et_securite/fiches/23822.html Démo d’utilisation ici (merci à Balltrap34 pour cette réalisation)http://pageperso.aol.fr/balltrap34/demochaos.swfSupprime tout ce qui se trouve dans le *temp.A+

jojo · Answer

sltg utilise le logiciel pour tt supprimer mais le dossier"Perflib_Perfdata_7e0.dat" revien juste apresque je l ai supprimeA+

Regis59 · Answer

Re,Il resiste lolTelecharge cecihttps://www.silentrunners.org/Silent%20Runners.vbs Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donneraA+

jojo · Answer

revla le texte ( et oui il resiste lol)"Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Configuration de la C-BOX" = "C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" ["Terra Virtual"]"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]"ACTIVBOARD" = "c:\apps\ABoard\ABoard.exe" ["NEC Computers International"]"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]"EPSON Stylus DX3800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"" ["SEIKO EPSON CORPORATION"]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)  -> {HKLM...CLSID} = "AcroIEHlprObj Class"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SWEETIE Class"                   \InProcServer32\(Default) = "C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll" [file not found]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"                   \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Google Toolbar Helper"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"                   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {HKLM...CLSID} = "DesktopContext Class"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {HKLM...CLSID} = "Portable Media Devices"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {HKLM...CLSID} = "Portable Media Devices Menu"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {HKLM...CLSID} = "Desktop Explorer"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {HKLM...CLSID} = "nView Desktop Context Menu"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"  -> {HKLM...CLSID} = "Microsoft Office Outlook"                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"  -> {HKLM...CLSID} = "Outlook File Icon Extension"                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\office11\msohev.dll" [MS]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"  -> {HKLM...CLSID} = "Shell Search Band"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"  -> {HKLM...CLSID} = "PowerISO"                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"                   \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"                   \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"  -> {HKLM...CLSID} = "Mes dossiers de partage"                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {HKLM...CLSID} = "NVIDIA CPL Extension"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! winbfi32\DLLName = "winbfi32.dll" [null data]HKLM\Software\Classes\PROTOCOLS\Filter\INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"                   \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"  -> {HKLM...CLSID} = "CContextScan Object"                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"  -> {HKLM...CLSID} = "PowerISO"                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"  -> {HKLM...CLSID} = "CContextScan Object"                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"  -> {HKLM...CLSID} = "PowerISO"                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"  -> {HKLM...CLSID} = "PowerISO"                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Jordan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\Xbox.scr" ["MacSourcery"]Enabled Scheduled Tasks:------------------------"Rappel d'enregistrement 2" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:2" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"  -> {HKLM...CLSID} = "EPSON Web-To-Page"                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"  -> {HKLM...CLSID} = "SweetIM For Internet Explorer"                   \InProcServer32\(Default) = "C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"  -> {HKLM...CLSID} = "Yahoo! Toolbar"                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)  -> {HKLM...CLSID} = "EPSON Web-To-Page"                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" = (no title provided)  -> {HKLM...CLSID} = "SweetIM For Internet Explorer"                   \InProcServer32\(Default) = "C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)  -> {HKLM...CLSID} = "Yahoo! Toolbar"                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]Explorer BarsHKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Shell Search Band"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"  -> {HKCU...CLSID} = "Java Plug-in"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]{85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Recherche"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"Missing lines (compared with English-language version):[Strings]: 2 linesHKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\"{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" = (no title provided)  -> {HKLM...CLSID} = "SweetIM For Internet Explorer"                   \InProcServer32\(Default) = "C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string]CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]CyberLink Task Scheduler (CTS), CLSched, ""c:\APPS\Powercinema\Kernel\TV\CLSched.exe"" [empty string]ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]Generic Service for HID Keyboard Input Collections, GenericHidService, "c:\APPS\HIDSERVICE\HIDSERVICE.exe" [null data]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]A+

Regis59 · Answer

Re,Télécharge: Pocket Killbox ici http://www.downloads.subratam.org/KillBox.exe :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::http://pageperso.aol.fr/balltrap34/killbox.htm 3/ puis lancer HijackThis: clique sur "do a system scan only" * Cocher la case au début de ces lignes: O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll * Valider avec fix checked 5/ Double clic sur killbox.exe (Pocket Killbox) - coche: delete on reboot - Dans "Full Path of File to Delete" - -Sélectionne "single File"copie et colle: C:\WINDOWS\SYSTEM32\winbfi32.dll - clique sur la croix rouge - une fenêtre va apparaître pour confirmation clique sur YES - une seconde fenêtre te demande si tu veux redémarrer clique sur YES Si ce message s’affiche ignore le :http://tinypic.com/images/goodbye.jpg Laisse le pc redémarrer.Passe clean up et ewido.Et après reposte un log HijackThis. A+

jojo · Answer

re prob il n y a pa la ligne O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll j ai fais le reste kan mmc tt ^^A+

jojo · Answer

euh nn il y a un autre prob on pe pa coller dans "Full Path of File to Delete" A+

Regis59 · Answer

Salutatend je reviens, j ai un probleme dans mon message, une ligne a sautéa+

Regis59 · Answer

Re,Fais ceci quand memeDouble clic sur killbox.exe (Pocket Killbox) - coche: delete on reboot - Dans "Full Path of File to Delete" copie et colle: C:\WINDOWS\SYSTEM32\winbfi32.dll -Sélectionne "single File" - clique sur la croix rouge - une fenêtre va apparaître pour confirmation clique sur YES - une seconde fenêtre te demande si tu veux redémarrer clique sur YES Si ce message s’affiche ignore le : http://tinypic.com/images/goodbye.jpg Laisse le pc redémarrer. Passe clean up et ewido. Et après reposte un log HijackThis. A+

jojo · Answer

lu apre avoir passe clean up  plus de barre demarer mozilla demare pa il manque les barres d outilsil manque des couleur autour de certaine iconesj croi qu il ya un blem^^A+

jojo · Answer

et la moitier des icone ne marche plusquand je double clic dessu ca me met un message d erreur

Regis59 · Answer

GrrrrFais une restauration systeme d aujourd hui ou hier.A+

jojo · Answer

slt comment on fait le restoration?(dsl si j v chier avec mes question^^)A+

Regis59 · Answer

lolTu ne gene pas je te rassuredemarer < tous les programmes < accessoire < outil systeme < restauration systeme.Suis la procédure.a+

jojo · Answer

sltrestauration trminer c revenuA+

Regis59 · Answer

Re,Ok ! Cleanup t as fait sauter certaines choses, domage.Je peux ravoir un silent runner, un hijack this et dis moi ce qu on te detecte !a+

jojo · Answer

re silent:"Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Configuration de la C-BOX" = "C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" ["Terra Virtual"]"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]"ACTIVBOARD" = "c:\apps\ABoard\ABoard.exe" ["NEC Computers International"]"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]"EPSON Stylus DX3800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"" ["SEIKO EPSON CORPORATION"]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)  -> {HKLM...CLSID} = "AcroIEHlprObj Class"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SWEETIE Class"                   \InProcServer32\(Default) = "C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll" [file not found]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"                   \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Google Toolbar Helper"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]hijackthis:Logfile of HijackThis v1.99.1Scan saved at 22:24:53, on 21/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exec:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exeC:\Program Files\ewido anti-spyware 4.0\guard.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Apps\Powercinema\PCMService.exeC:\apps\ABoard\ABoard.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\apps\ABoard\AOSD.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXEC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\System32\WScript.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard BellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htmO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exeavst vien de detecterWin32:Klone-N [Trj]      Cheval de Troiedans le fichier: C:\windows\system32\winbfi32.dllet toujours le dialerdans C:\WINDOWS\TEMP\idd**temp.exeA+

Regis59 · Answer

Salut;Essai comme ceci:(si tu as deja kill box ne le retelecharge pas)télécharge : process xp ici: http://www.sysinternals.com/files/procexpnt.zip Télécharge: Pocket Killbox ici http://www.downloads.subratam.org/KillBox.exe 2/ Déconnecte toi du net. Ferme tous les programmes en cours (média player, internet explorer, ...etc) Dézippe (clic droit > extraire) process xp et double clic sur processxp.exe * Dans la fenêtre principale de processxp double clic sur winlogon.exe Dans la nouvelle fenêtre qui s'ouvre clique sur threads sélectionne seulement les lignes qui contiennent  winbfi32.dll puis clique sur kill pour chacune des lignes trouvées. une fois fait, valide avec ok * Dans la fenêtre principale de processxp double clic sur explorer.exe Dans la nouvelle fenêtre qui s'ouvre clique sur threads sélectionner seulement les lignes qui contiennent winbfi32.dll  puis clique sur kill pour chacune des lignes trouvées. une fois fait, valide avec ok 3/ puis lancer HijackThis: clique sur "do a system scan only" * Cocher la case au début de ces lignes: O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll * Valider avec fix checked 5/ Double clic sur killbox.exe (Pocket Killbox) - coche: delete on reboot - Dans "Full Path of File to Delete" -copie et colle: C:\WINDOWS\SYSTEM32\winbfi32.dll -Sélectionne "single File"- clique sur la croix rouge - une fenêtre va apparaître pour confirmation clique sur YES - une seconde fenêtre te demande si tu veux redémarrer clique sur YES Si ce message s’affiche ignore le :http://tinypic.com/images/goodbye.jpg Laisse le pc redémarrer.Et après reposte un log HijackThis. A+

jojo · Answer

rerapport;Logfile of HijackThis v1.99.1Scan saved at 23:36:01, on 21/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEc:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Apps\Powercinema\PCMService.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\apps\ABoard\ABoard.exeC:\WINDOWS\system32
vsvc32.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\slserv.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\apps\ABoard\AOSD.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXEC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard BellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htmO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exela ligne O20 n apparai pa avec "do a scan only " il apparai que quan je fai avec le log est ce qu il fo que je le fasse avec  "faire le scan et sauver le log"???A+

Regis59 · Answer

Salut,Yes, on l a eu !!!!!!Relance hijack this pour pouvoir le fixer (et le voir)O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing) Redemarre et remet un log et dis moi ou en sont les soucis??a+

jojo · Answer

rerevoici un nouveau log apre avoir fixer l autre c** de fichier ^^Logfile of HijackThis v1.99.1Scan saved at 00:25:09, on 22/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEc:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Apps\Powercinema\PCMService.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\apps\ABoard\ABoard.exeC:\WINDOWS\system32
vsvc32.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\slserv.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\apps\ABoard\AOSD.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXEC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard BellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htmO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exej espere que cette fois on l a eu ^^coriace ces ptites betes la^^A+

jojo · Answer

heychapeau l artiste g refai un scan d ewido et la plu rien clean propre bien jouerjuste comme ca ;) T informaticien?bravo clap clap clap lolA+

Regis59 · Answer

Bonsoir jojo;Eh oui je traine encore... lolSi tout est reglé, je suis aussi content que toi !Par contre pour ta securité, il serait impératif d installer un pare feu, qu en penses tu?Congratulations a toi aussi d avoir fait toutes ces manips avec brio !Informaticien? lol Ah nan loin de la, juste un passionné. Je suis étudiant, je n ai que 19ans.Et toi que fais tu dans la vie?Tu dois etre dans les bras de Morphée, donc, Bonne nuit ;-)a+

jojo · Answer

remais g deja un pare feu g le pare feu windowsmoi j sui juste en seconde ^^A+

Regis59 · Answer

Re,Tu passes en seconde ou tu viens de terminer la seconde?Le pare feu windows n est pas vraiment un pare feu car il ne controle pas les entrées/sorties de ton pc vers Internet.Est ce que tu souhaites desormais en installer un, autre que celui de windows qui n'est pas tres protecteur? Ou dois je tout simplement te donner de la lecture pour te convaincre?A+

jojo · Answer

reje passe en seconde pour un pare feu ta un lien?les pare feu ca bloque les jeu quand tu joues sur internet nn?A+

Regis59 · Answer

re,Ah donc tu passes au lycée ! Super le lycée tu verras, tu passeras d'excellents moments :-DVraiment bien le lycée, aucune raison d avoir peur, si si, je t assures, c est tranquille ! lolIci tu trouveras l adresse pour les pare feu:http://entraide.aceboard.fr/175280-2008-988-0-Securiser-Proteger-ordinateur-contr...Je te conseillerais Kério.Le blocage ou l acces c est toi qui le decide.Dans le cas ou ca bloque quelque chose, tu desactive le pare feu, en clikant droit sur son icone pres de l horloge et tu le desactive, puis tu viens nous demander conseils.A+

jojo · Answer

reautrement sur tt les logiciel que g telecharger il fo que je garde lesquels?avast+ewido+adware+Ccleaner+spybot+le pare feu?A+

Regis59 · Answer

Re,Pour le pare feu, j ai repondu au dessu.Il faut que tu les gardes tous !-avast et ton pare feu, tu les laisses toujours actif(n oublie pas les mises a jour)-spybotadwareccleanerewido mises a jour egalement et scan tous les 3semaines ton pc avec !A+

jojo · Answer

re ok merci bien jouer^^A+(on sait jamais j aurai surment d otre probleme meme si j espere que nn)^^

Regis59 · Answer

Bonsoir,Désolé de repondre si tard mais y a de l orage ^^Felicitations pour ce que tu as fais :-)Si tu as des soucis, n hesites pasa+

Virus Dialer aide pour log hijackthis

62 réponses

Votre réponse

Discussions similaires

Newsletters