Win32 Zlob-HM virus, internet crashes, winantiv
hulotte1974
Hello,
I have a PC running XP and I got a virus a few days ago. In a panic, I ran everything I could get my hands on (Spybot, avast, avg, hitman pro, adaware), and it did find a virus named win 32 ZLOB-HM. Since then the internet has been extremely slow, and I can only open one window at a time, otherwise the internet crashes. I get ads popping up, in particular one for winantivirus pro 2006 that tells me I have been infected and offers to sell me the program when I ran the scan, and since then I have not been able to get rid of this page telling me that I have caught viruses...
Here is what it says:
Your PC may be vulnerable to Serwab. We advise you to DOWNLOAD one of the following security solutions to avoid any further infection.
The dangerous Serwab virus appeared in August 2006, destroying, as it passed, the information on the computers where it installed itself. This virus, which has already infected more than 1 million PCs around the world, continues to spread across the net, becoming fatal.
IP address: ****
Browser: ****
Operating systems: ****
PC data: obtained
PC location: ****
Recent threats
- Trojan.Linkoptimizer
- Backdoor.Lassrv.B
- W32.Rungbu
- W32.Spybot.AKKC
- W32.Rahack.
And then of course it sings the praises of winantivirus Pro2006 and winantispyware 2006
The info comes from the site: amena.com
Can you help me? I am really stressed because I have a lot of data on my PC (not confidential, but dear to me), so I would rather not have to resort to formatting.
Thanks in advance.
Hulotte.
21 replies
Good evening Hulotte,
Go here and do exactly what is asked ;)
virus preliminary disinfection method (French version)
Hang in there, Kristopher
Thanks for the procedure. (My PC is already running much better, great!)
Here are my reports
EWIDO report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:24:16 25/08/2006
+ Scan result:
C:\Program Files\Safety Bar -> Adware.Generic : No action taken.
C:\Program Files\Safety Bar\Uninstall.bat -> Adware.Generic : No action taken.
C:\Program Files\Safety Bar\__delete_on_reboot__S_a_f_e_t_y_ _B_a_r_._d_l_l_ -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Bar -> Adware.Generic : No action taken.
HKU\S-1-5-21-208057672-11873437-2881473170-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : No action taken.
HKU\S-1-5-21-208057672-11873437-2881473170-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\TSOFLPO1\anti4[1].exe -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\iiffecc.dll -> Adware.Virtumonde : No action taken.
HKU\S-1-5-21-208057672-11873437-2881473170-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temp\nsysaudm.sys -> Backdoor.Genlot.DX : No action taken.
C:\WINDOWS\system32\ixt0.dll -> Downloader.Zlob.agh : No action taken.
C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.yj : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\ILP27Q1G\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\system32\bbstlwky.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\fkkedick.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\jeydyhkc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\jjidtsfv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\nagiyvub.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\oixnmmco.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\onhnmbiv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\sbldpudn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\sgbtlqjp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\issearch.exe -> Not-A-Virus.Hoax.Win32.Renos.eg : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@franklintempleton.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@site.www.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@www.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@e-2dj6wjl4gpczolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@ads13.hyperbanner[2].txt -> TrackingCookie.Hyperbanner : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@ivwbox[2].txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@komtrack[2].txt -> TrackingCookie.Komtrack : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Nom123\Cookies\nom123@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\8B73MODX\srvkrl[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\APZ8X07Q\srvxrh[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\CTMRS96Z\srvhqx[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\CX2Z8D2R\srvbwl[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\Nom123\Local Settings\Temporary Internet Files\Content.IE5\TSOFLPO1\srvywp[1].exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win108.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win10F.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win112.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win114.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\winF5.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\winF9.tmp.exe -> Trojan.Pakes : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.
::Report end
Bitdefender report
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Aug 25, 2006 - 23:46:56
Scan Info
Scanned Files 499465
Infected Files 18
Virus Detected
Trojan.Downloader.Zlob.UK 1
Trojan.Downloader.Winfixer.O 2
Trojan.Starter.V 2
Trojan.Zlob.BC 1
Adware.Safetybar.B 2
Trojan.Adload.MAS 9
Trojan.Downloader.Zlob.TZ 1
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
Hijack this report (I have not fixed anything...)
Logfile of HijackThis v1.99.1
Scan saved at 15:44:18, on 26/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Picasa2\Picasa2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.proximus.be/pickx?new_lang=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D78B11CE-D9BA-40B3-9454-A26DF4DDF7D5} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
O15 - Trusted IP range: http://66.235.*.*
O15 - Trusted IP range: http://69.31.*.*
O15 - Trusted IP range: http://69.50.*.*
O15 - Trusted IP range: http://205.177.*.*
O15 - Trusted IP range: http://205.188.*.*
O15 - Trusted IP range: http://70.84.*.*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
O15 - Trusted IP range: http://66.235.*.*
O15 - Trusted IP range: http://69.31.*.*
O15 - Trusted IP range: http://69.50.*.*
O15 - Trusted IP range: http://205.177.*.*
O15 - Trusted IP range: http://205.188.*.*
O15 - Trusted IP range: http://70.84.*.*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Hi,
Please run another scan with Ewido, then again with the online antivirus (but this time post the full report).
Copy/paste both reports.
See you later
Good evening,
Here are the 2 reports. I hope the BitDefender one is the right one.
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:04:21 26/08/2006
+ Scan result:
C:\Documents and Settings\Nom456\Local Settings\Temporary Internet Files\Content.IE5\ILP27Q1G\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Nom456\Cookies\nom456@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Nom456\Cookies\nom456@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Nom456\Cookies\nom456@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
::Report end
BitDefender Online Scanner
Scan report generated at: Sat, Aug 26, 2006 - 22:37:39
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;
Statistics
Time 01:29:35
Files 497186
Folders 7157
Boot Sectors 4
Archives 11382
Packed Files 27705
Results
Identified Viruses 3
Infected Files 11
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 11
Engines Info
Virus Definitions 450834
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 39
Unpack plugins 5
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012971.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012971.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012971.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012972.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012972.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012972.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012973.exe Infected with: Trojan.Zlob.BC
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012973.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012973.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012974.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012974.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012974.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012975.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012975.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012975.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012976.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012976.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012976.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012977.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012977.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012977.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012978.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012978.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012978.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012979.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012979.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012979.exe Deleted
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012980.exe Infected with: Trojan.Adload.MAS
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012980.exe Disinfection failed
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP159\A0012980.exe Deleted
C:\WINDOWS\Temp\winDE.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003 Infected with: Trojan.Starter.V
C:\WINDOWS\Temp\winDE.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003 Disinfection failed
C:\WINDOWS\Temp\winDE.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003 Deleted
C:\WINDOWS\Temp\winDE.tmp.exe=>(NSIS o) Update failed
Have a good evening,
Hulotte
Hi there,
You have 2 antivirus programs, which is strongly discouraged. So uninstall one of them. I recommend keeping Avast.
But before uninstalling eTrust Antivirus, empty the antivirus's quarantine.
Then:
1/ Empty the quarantine of all the anti-malware tools (Avast, Ewido, Spy Sweeper, etc.)
2/ Right-click "My Computer" -> "Properties" -> "System Restore" tab -> check "Turn off System Restore on all drives" -> "Apply" -> "Yes".
Then uncheck "Turn off System Restore on all drives" -> "Apply" -> "OK".
3/ Download CCLEANER and clean your PC with it:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Usage: in the "Cleaner" tab, click "Analyze". Once the analysis is finished, click "Run Cleaner".
Then, in the "Issues" tab, click "Scan for Issues" and, before clicking "Fix selected issues", make a backup of your registry (as offered). Repeat until it finds nothing more.
4/ Check and fix these lines with HijackThis:
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
O15 - Trusted IP range: http://66.235.*.*
O15 - Trusted IP range: http://69.31.*.*
O15 - Trusted IP range: http://69.50.*.*
O15 - Trusted IP range: http://205.177.*.*
O15 - Trusted IP range: http://205.188.*.*
O15 - Trusted IP range: http://70.84.*.*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
5/ Please post a new HijackThis log.
Good luck, Hulotte from Belgium. Kristopher
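One way to verify that a fix list like the one above was actually applied is to compare the HijackThis log taken before the fix with the one posted afterwards. The following is an added example, not part of the original thread and not HijackThis's own code; the function names are hypothetical, and the sample data is a short excerpt of the two logs in this thread (26/08/2006 and 2/09/2006). It also reports Browser Helper Object DLLs that appear in both logs under a different CLSID.

```python
import re

# A HijackThis entry looks like "O15 - Trusted IP range: http://66.230.*.*":
# the code before " - " names the section (R0, O2, O15, O20, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}|F[0-3]|N[1-4]) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def still_present(fix_list, after):
    """Entries from the fix list that still appear in the follow-up log."""
    return sorted(parse_log(fix_list) & parse_log(after))


def diff_logs(before, after):
    """Entries that disappeared from, or were added to, the follow-up log."""
    b, a = parse_log(before), parse_log(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def _bho_by_file(entries):
    """Map lower-cased DLL path -> CLSID for O2 (Browser Helper Object) entries."""
    out = {}
    for section, detail in entries:
        if section != "O2":
            continue
        m = CLSID_RE.search(detail)
        if m:
            path = detail[m.end():].lstrip(" -").lower()
            out[path] = m.group(0).upper()
    return out


def reregistered_bhos(before, after):
    """BHO DLLs present in both logs but registered under a different CLSID."""
    b = _bho_by_file(parse_log(before))
    a = _bho_by_file(parse_log(after))
    return sorted((p, b[p], a[p]) for p in b.keys() & a.keys() if b[p] != a[p])


# Excerpt of the first log in this thread (26/08/2006).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:44:18, on 26/08/2006
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D78B11CE-D9BA-40B3-9454-A26DF4DDF7D5} - C:\WINDOWS\system32\mljgh.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
"""

# Excerpt of the follow-up log in this thread (2/09/2006).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:39:14, on 2/09/2006
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B6DB486A-9277-4F27-9446-E5697B1DE73F} - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
"""

# Three of the lines the helper asked to fix.
FIX_LIST = r"""
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
"""

if __name__ == "__main__":
    print("Fix-list entries still present:", still_present(FIX_LIST, AFTER))
    for path, old, new in reregistered_bhos(BEFORE, AFTER):
        print(f"BHO {path}: CLSID {old} -> {new}")
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for section, detail in items:
            print(f"{kind:8} {section} - {detail}")
```
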
Hi,
Here is my latest log, hoping I won't pick up any more nasty bugs. ;)
Logfile of HijackThis v1.99.1
Scan saved at 14:39:14, on 2/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.proximus.be/pickx?new_lang=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B6DB486A-9277-4F27-9446-E5697B1DE73F} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Hello,
Still infected...
Download VundoFix to your Desktop.
http://www.atribune.org/downloads/VundoFix.exe
. Double-click VundoFix.exe.
. Tick the "Run VundoFix as a task" box.
-> Wait for VundoFix to restart
. Click the "Scan for Vundo" button.
. Then click the "Remove Vundo" button.
. Then click "Yes" to confirm
. After you click "Yes", the Desktop will disappear for a moment while the files are being deleted.
. You will see a prompt telling you that your PC is going to shut down ("shutdown"); click "OK"
. Start your PC again.
. Paste the report located at C:\vundofix.txt here.
Hang in there Hulotte, Kristopher
Hi Kristopher,
Many thanks for your help (I'm really starting to despair...)
I put the program on my desktop, but it only offers me a button to install and no "Run VundoFix as a task" box to tick. I clicked install and now I have a folder on my desktop with 4 files (process.exe, vundo.reg, readme.txt and killvundo.bat). What should I do?
Thanks.
Hello,
I somehow managed to get a Vundo report, but I couldn't launch the application as described above, so I'm not sure it is as it should be.
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
CCleaner.lnk
Hijackthis Version Française.lnk
HijackThis.exe
Hijackthis.lnk
Hitman Pro.lnk
killvundo.bat
Lecteur Windows Media.lnk
liste faire-part naissance.xls
PatiBabyBoy.zip
PatiBabyGirl.zip
PatiBleuParadis1.zip
PatiBleuParadis2.zip
process.exe
ReadMe.txt
Spybot - Search & Destroy.lnk
vundo.reg
VundoFix
VundoFix.exe
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was c:bureau
The second filepath entered was c:bureau
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 384 'smss.exe'
Killing PID 1504 'explorer.exe'
Killing PID 1504 'explorer.exe'
Killing PID 548 'winlogon.exe'
Killing PID 548 'winlogon.exe'
--------------------------------------------------------------------------------------
c:bureau Deleted sucessfully.
c:bureau Deleted sucessfully.
Fixing Registry
--------------------------------------------------------------------------------------
Good evening,
I've just tested it and it works.
In fact, after installing, you proceed as described in post < 7 >.
I'm waiting for the proper report.
Thanks,
See you later
Hi Kristopher,
After a break from the PC for a short seaside trip with my children, here I am back on the attack, determined to fight my infection... I got my first porn ad. :/
It worked first time for Vundo this time... So here is the report.
VundoFix V6.1.4
Checking Java version...
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 14:33:36 11/09/2006
Listing files found while scanning....
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.tmp Has been deleted!
Performing Repairs to the registry.
Done!
There you go, and thanks for the analysis and the advice.
Hi hulotte1974,
Tell me, how come the software works now when it didn't before?! lol
Otherwise, it's OK, VundoFix worked fine ;)
Please post a new HT log.
See you later
Hi Kristopher,
Well, to be completely honest, I went straight to their site. I don't really understand, but in any case it worked and that's what counts. ;)
Here is the HT log
Logfile of HijackThis v1.99.1
Scan saved at 20:09:45, on 11/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.proximus.be/pickx?new_lang=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E852836-64F4-4A52-AA5E-501301E2B90D} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Have a good evening,
Hulotte
Re Hulotte,
It's taking a while, but we'll get there; don't worry, I'm here ;)
I just saw that you used the old version of the software.
Download VundoFix V6.1.5 here:
http://www.atribune.org/content/view/24/2/
. Double-click VundoFix.exe.
. Tick the "Run VundoFix as a task" box.
-> Wait for VundoFix to restart
. Click the "Scan for Vundo" button.
. Then click the "Remove Vundo" button.
. Then click "Yes" to confirm
. After you click "Yes", the desktop will disappear for a moment while the files are being removed.
. You will see a prompt telling you that your PC is going to shut down ("shutdown"); click "OK"
. Start your PC again.
. Paste the report located at C:\vundofix.txt here.
Hi,
Well, here is my new report...
VundoFix V6.1.5
Checking Java version...
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 18:11:24 12/09/2006
Listing files found while scanning....
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
See you,
Hulotte
Hi,
If you're tired (put yourself in my place to compare), well, we can stop right away?
Shall we continue?
Hi,
In the meantime, here is my HT log.
Logfile of HijackThis v1.99.1
Scan saved at 9:52:42, on 14/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Picasa2\Picasa2.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.proximus.be/pickx?new_lang=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64CB8F47-E855-4F62-AE8F-FBA30CF7A41E} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D3C53B-972F-4050-8EE6-08F79DED42C9}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Hulotte
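Added example, not written by any participant in this thread: a Python triage of the logs posted above. It parses the O2 (BHO) and O20 (Winlogon Notify) lines, finds the DLL registered under both, compares the 11/09 and 14/09 scans, and cross-checks the VundoFix report. The sample lines are excerpted from the thread's logs; all function names are illustrative.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext

# Lines excerpted from the logs posted in this thread (HijackThis scans of
# 11/09 and 14/09, VundoFix report of 12/09); not the full logs.
SCAN_11_09 = r"""
O2 - BHO: (no name) - {4E852836-64F4-4A52-AA5E-501301E2B90D} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
"""
SCAN_14_09 = r"""
O2 - BHO: (no name) - {64CB8F47-E855-4F62-AE8F-FBA30CF7A41E} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
"""
VUNDOFIX_12_09 = r"""
C:\WINDOWS\system32\mljgh.dll Could not be deleted.
C:\WINDOWS\system32\hgjlm.ini Has been deleted!
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
MISSING = " (file missing)"


def parse_scan(text):
    """Return the O2/O20 entries as dicts; other HijackThis sections are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for section, rx in (("O2", BHO), ("O20", NOTIFY)):
            m = rx.match(line)
            if not m:
                continue
            path = m.group("path")
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)]
            entries.append({
                "section": section,
                "name": m.group("name"),
                "clsid": m.groupdict().get("clsid"),  # None for O20 lines
                "path": path.strip('"').lower(),      # Windows paths ignore case
                "missing": missing,
            })
    return entries


def dual_persistence(entries):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    sections = defaultdict(set)
    for e in entries:
        sections[e["path"]].add(e["section"])
    return sorted(p for p, s in sections.items() if s == {"O2", "O20"})


def clsid_changes(before, after):
    """BHO DLLs whose registered CLSID differs between two scans."""
    def by_path(entries):
        return {e["path"]: e["clsid"].upper() for e in entries if e["section"] == "O2"}
    old, new = by_path(before), by_path(after)
    return {p: (old[p], new[p]) for p in old.keys() & new.keys() if old[p] != new[p]}


def undeleted_and_still_registered(report, later_entries):
    """Files the removal tool could not delete that a later scan still lists."""
    failed = {m.group(1).lower()
              for m in re.finditer(r"^(.+?) Could not be deleted\.$", report, re.M)}
    return sorted(failed & {e["path"] for e in later_entries})


def reversed_stem_companions(report, dll_path):
    """Files in the report whose base name is the DLL's base name reversed."""
    stem = splitext(basename(dll_path))[0].lower()
    paths = re.findall(r"^(\S.*?) (?:Has been deleted!|Could not be deleted\.)$",
                       report, re.M)
    return sorted(p.lower() for p in paths
                  if p.lower() != dll_path.lower()
                  and splitext(basename(p))[0].lower() == stem[::-1])


if __name__ == "__main__":
    first, second = parse_scan(SCAN_11_09), parse_scan(SCAN_14_09)
    for dll in dual_persistence(second):
        print("BHO + Winlogon Notify:", dll)
        print("  companion files:", reversed_stem_companions(VUNDOFIX_12_09, dll))
    print("CLSID changed between scans:", clsid_changes(first, second))
    print("Not deleted, still registered:",
          undeleted_and_still_registered(VUNDOFIX_12_09, second))
    print("Orphaned entries:", [e["path"] for e in second if e["missing"]])
```

On these lines the only DLL present in both O2 and O20 is mljgh.dll, its BHO CLSID differs between the two scans, and it is still registered on 14/09 after VundoFix reported on 12/09 that it could not be deleted.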
Hulotte