Winantivir and co

Resolved/Closed
billy57 (Posts: 89; Registered: Monday 19 March 2007; Status: Member; Last activity: 12 November 2008) - 19 March 2007 at 19:59
billy57 (Posts: 89; Registered: Monday 19 March 2007; Status: Member; Last activity: 12 November 2008) - 21 March 2007 at 11:22
Hello, as I say in the title, I have a problem with WinAntivir, Registry Repair Pro, etc., which keep popping up constantly.
What's more, it started when half a dozen trojans infected my PC.
I have tried several things, but nothing works.
I used CCleaner, Ad-Aware, CleanUp, Spybot, Dr.Web, avast! and finally a-squared, in normal mode and in safe mode; nothing solved my problem.
I used HijackThis to give you as much information as possible. However, I am a novice and do not understand computer jargon very well; if you help me, would it be possible to do so in simple words? Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 19:59:35, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
D:\msn\MsgPlus.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
D:\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\office11\WINWORD.EXE
C:\Documents and Settings\bill\Mes documents\bill\hijackyhis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\msn\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\uqroaoiv.dll",setvm
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\office11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.emule-mania.com
O15 - Trusted Zone: http://ed2k-series-forum.new.fr
O15 - Trusted Zone: http://ed2k-series.new.fr
O15 - Trusted Zone: http://www.poplist.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Here is what the evaluation gave me:


Aucun pare-feu actif n'a été trouvé sur votre système ou le pare-feu que vous utilisez nous est inconnu. Si vous n'utilisez pas de pare-feu vous devriez en télécharger un et l'installer ou activer celui de Windows XP. Au cas où vous auriez des questions ou vous désiriez que nous ajoutions votre pare-feu à notre base de données, contactez nous sur notre forum forum.hijackthis.de
Actions Inscription Genre Visitor's assessment Information
Logfile of HijackThis v1.99.1
Votre version semble être actuelle.
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Votre version semble être actuelle.
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\LEXBCES.EXE
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\LEXPPS.EXE
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
Safe
Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\gemeinsame dateien\aol\acs\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. Part of AOL
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Alwil Software\Avast4\ashServ.exe
Very safe
This entry was classified from our visitors as good.
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
Safe
Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\home cinema\powercinema\kernel\tv\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. CyberLink Background Capture Service
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
Neutral
Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\home cinema\powercinema\kernel\tv\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. CyberLink Task Scheduler
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
Very safe
CyberLink Media Library Service
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
Safe
CyberLink Media Library
c:\APPS\HIDSERVICE\HIDSERVICE.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\ati technologies\ati control panel\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. ATI Desktop Control Panel from ATI Technologies
C:\WINDOWS\SOUNDMAN.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
Very safe
Java Runtime
C:\Apps\Powercinema\PCMService.exe
Safe
Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\.*\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. PowerCinema
C:\apps\ABoard\ABoard.exe
Very safe
Activboard Application
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Neutral Non dangereux, mais tout de même superflu.

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
Neutral
Checks for updates for RealPlayer
C:\apps\ABoard\AOSD.exe
Safe Tâche inconnue.
This entry was classified from our visitors as good.
D:\msn\MsgPlus.exe

Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\messengerplus! 3\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. Messenger Plus
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
Very safe
Part of Adobe Phothoshop
C:\WINDOWS\system32\RunDLL32.exe
Very safe
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
Safe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Very safe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Very safe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\QuickTime\qttask.exe
Safe
This entry was classified from our visitors as good.
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\logitech\desktop messenger\.*\program\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. Logitech Desktop Messenger
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Very safe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ctfmon.exe
Very safe
This entry was classified from our visitors as good.
D:\SetPoint\SetPoint.exe

Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\logitech\setpoint\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. Logitech SetPoint
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Very safe
Yahoo! Messenger
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
Very safe
Logitech SetPoint
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
Safe Tâche inconnue.
This entry was classified from our visitors as good.
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
Very safe
Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\windows desktop search\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. Windows Desktop Search (WDS)
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
Neutral
Part of Microsoft Search software. Installed with MSN toolbar.
C:\Program Files\Internet Explorer\iexplore.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Internet Explorer\iexplore.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
Safe
Acrobat Reader
C:\Program Files\Microsoft Office\office11\WINWORD.EXE

Microsoft Word
C:\Documents and Settings\bill\Mes documents\bill\hijackyhis\HijackThis.exe
Souvenez-vous que Hijackthis doit être exécuté dans son propre dossier. C'est seulement s'il est exécuté dans un dossier réservé, qu'il créera des sauvegardes! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
Very safe Ce site a été identifié comme étant non dangereux
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
Msntb.dll - MSN Toolbar, https://www.bing.com/?toHttps=1&redig=C5A5F4D5ECA345F689A948C005FF88A7
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Neutral Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

Inscription superflue (car sans effet) qui peut donc être effacée ! googletoolbar.dll, googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll, googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll - Google Toolbar
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Very safe Non dangereux, mais tout de même superflu. Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Safe Non dangereux, mais tout de même superflu. Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
Safe Non dangereux, mais tout de même superflu. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
Java von Sun
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
Safe In a Dell\Media Experience sub-directory
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
Non dangereux, mais tout de même superflu. Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
Safe Activboard Application- NEC Computers International
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
Non dangereux, mais tout de même superflu. MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Neutral Part of RealPlayer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [MessengerPlus3] "D:\msn\MsgPlus.exe"
Non dangereux, mais tout de même superflu. MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Adobe Photoshop Album Starter Edition
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
Safe Programme inconnu. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
Very safe Lexmark X1100 Series
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
Non dangereux, mais tout de même superflu. Related to Blubster Music sharing service
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Very safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Neutral Non dangereux, mais tout de même superflu. QuickTime
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\uqroaoiv.dll",setvm
Programme inconnu.
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
A2Guard
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
Safe Programme inconnu.
O4 - HKCU\..\Run: [LDM] D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech Desktop Messenger
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
Very safe Ahead Nero BackItUp backup program. Only required for if you have scheduled back-ups
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Neutral Office related
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
AdobeUpdateManager
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
Windows Registry Repair Pro
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Safe This entry was classified from our visitors as good.
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech Desktop Messenger
O4 - Global Startup: Logitech SetPoint.lnk = D:\SetPoint\SetPoint.exe
Logitech SetPoint
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\office11\ONENOTEM.EXE
ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work.
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
Safe Non dangereux, mais tout de même superflu. This entry was classified from our visitors as good.
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
Neutral Microsofts Windows Desktop Search (WDS)
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
Safe This entry was classified from our visitors as good.
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
Cette inscription &Search a été identifiée comme étant méchante.
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
Very safe Cette inscription &Traduire à partir de l'anglais a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Cette inscription E&xporter vers Microsoft Excel a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
Neutral Cette inscription Pages liées a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
Cette inscription Pages similaires a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
Cette inscription Recherche &Google a été identifiée comme étant non dangereuse.
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
Very safe Cette inscription Version de la page actuelle disponible dans le cache Google a été identifiée comme étant non dangereuse.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
Cette inscription a été identifiée comme étant non dangereuse.
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
Cette inscription Console Java a été identifiée comme étant non dangereuse.
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
Cette inscription Messenger a été identifiée comme étant non dangereuse.
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
Cette inscription Yahoo! Messenger a été identifiée comme étant non dangereuse.
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
Cette inscription Research a été identifiée comme étant non dangereuse.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Safe
Inscription superflue (car sans effet) qui peut donc être effacée ! This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Very safe
Inscription superflue (car sans effet) qui peut donc être effacée ! This entry was classified from our visitors as good.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Very safe Cette inscription Messenger a été identifiée comme étant non dangereuse.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe Cette inscription Windows Messenger a été identifiée comme étant non dangereuse.
O11 - Options group: [INTERNATIONAL] International*
Neutral
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
Safe Effacer cette inscription si elle ne contient aucune information du revendeur de votre PC ou de votre 'Internet-Service-Provider (ISP)'.
O15 - Trusted Zone: http://www.emule-mania.com
Effacer si vous n’avez pas ajouté vous-même cette page dans vos sites a confiance.
O15 - Trusted Zone: http://ed2k-series-forum.new.fr
Effacer si vous n’avez pas ajouté vous-même cette page dans vos sites a confiance.
O15 - Trusted Zone: http://ed2k-series.new.fr
Effacer si vous n’avez pas ajouté vous-même cette page dans vos sites a confiance.
O15 - Trusted Zone: http://www.poplist.com
Effacer si vous n’avez pas ajouté vous-même cette page dans vos sites a confiance.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
Neutral This entry has been identified as harmless.
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Safe This entry has been identified as harmless. This entry was classified from our visitors as good.
O18 - Filter: text/html - (no CLSID) - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
This service (AOLacsd.exe) has been identified as legitimate.
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Very safe This service (aswUpdSv.exe) has been identified as legitimate.
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
Safe This service (Ati2evxx.exe) has been identified as legitimate. This entry was classified from our visitors as good.
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
Very safe This service (ashServ.exe) has been identified as legitimate. This entry was classified from our visitors as good.
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
Very safe This service (ashMaiSv.exe) has been identified as legitimate. This entry was classified from our visitors as good.
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Very safe This service (ashWebSv.exe) has been identified as legitimate. This entry was classified from our visitors as good.
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
This service (CLCapSvc.exe) has been identified as legitimate.
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
Safe This service (CLSched.exe) has been identified as legitimate.
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
Neutral This service (CLMLServer.exe) has been identified as legitimate.
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
Safe This service (HIDSERVICE.exe) has been identified as legitimate. This entry was classified from our visitors as good.
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Safe This service (LEXBCES.EXE) has been identified as legitimate. This entry was classified from our visitors as good.
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
Neutral This service (mysqld-nt.exe) has been identified as legitimate.
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
This service (ALUSchedulerSvc.exe) has been identified as legitimate.
Short analysis
You follow this advice at your own risk!






5 replies

billy57 Posts: 89 Registration date: Monday 19 March 2007 Status: Member Last activity: 12 November 2008 5
19 March 2007 at 21:20
Hi, would there be a kind soul to help me, please?
0
billy57 Posts: 89 Registration date: Monday 19 March 2007 Status: Member Last activity: 12 November 2008 5
19 March 2007 at 21:27
Hoping to get a reply tomorrow, I wish you a good night.
0
billy57 Posts: 89 Registration date: Monday 19 March 2007 Status: Member Last activity: 12 November 2008 5
20 March 2007 at 14:10
Hello, tell me why nobody wants to help me!!!


I'll post the results again after using HijackThis and VundoFix,
but please helpppppppppppp

Logfile of HijackThis v1.99.1
Scan saved at 13:56:42, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\msn\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
D:\SetPoint\SetPoint.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {6BBFDBD0-0C28-44A9-99F3-81F3EB2618BA} - C:\WINDOWS\system32\ljjjggh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O2 - BHO: (no name) - {FE0C738C-E51D-4326-A272-34821F3E9E75} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\msn\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\uqroaoiv.dll",setvm
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\office11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.emule-mania.com
O15 - Trusted Zone: http://ed2k-series-forum.new.fr
O15 - Trusted Zone: http://ed2k-series.new.fr
O15 - Trusted Zone: http://www.poplist.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ssqnkhh - ssqnkhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)





helpppppppppppppppppppppppppppppp sniff
0
billy57 Posts: 89 Registration date: Monday 19 March 2007 Status: Member Last activity: 12 November 2008 5
20 March 2007 at 14:27
OK, and does this help you!!!!!!!


VundoFix V6.3.17

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 20:51:23 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvspm.dll
C:\WINDOWS\system32\cobcjlxy.dll
C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\gebbxuv.dll
C:\WINDOWS\system32\gebyyww.dll
C:\WINDOWS\system32\hggdcya.dll
C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hggghfc.dll
C:\WINDOWS\system32\iifedaa.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\ljjjggh.dll
C:\WINDOWS\system32\qomljif.dll
C:\WINDOWS\system32\qomnmlj.dll
C:\WINDOWS\system32\rqrqpmm.dll
C:\WINDOWS\system32\urqnkkh.dll
C:\WINDOWS\system32\vtusppp.dll
C:\WINDOWS\system32\vtustus.dll
C:\WINDOWS\system32\wvurqqo.dll

Beginning removal...

VundoFix V6.3.17

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 13:35:56 20/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvspm.dll
C:\WINDOWS\system32\cobcjlxy.dll
C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\gebbxuv.dll
C:\WINDOWS\system32\gebyyww.dll
C:\WINDOWS\system32\hggdcya.dll
C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hggghfc.dll
C:\WINDOWS\system32\iifedaa.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\ljjjggh.dll
C:\WINDOWS\system32\qomljif.dll
C:\WINDOWS\system32\qomnmlj.dll
C:\WINDOWS\system32\rqrqpmm.dll
C:\WINDOWS\system32\urqnkkh.dll
C:\WINDOWS\system32\vtusppp.dll
C:\WINDOWS\system32\vtustus.dll
C:\WINDOWS\system32\wvurqqo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxvspm.dll
C:\WINDOWS\system32\byxvspm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebbxuv.dll
C:\WINDOWS\system32\gebbxuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyyww.dll
C:\WINDOWS\system32\gebyyww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggdcya.dll
C:\WINDOWS\system32\hggdcya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hggfeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggghfc.dll
C:\WINDOWS\system32\hggghfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifedaa.dll
C:\WINDOWS\system32\iifedaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjjggh.dll
C:\WINDOWS\system32\ljjjggh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qomljif.dll
C:\WINDOWS\system32\qomljif.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnmlj.dll
C:\WINDOWS\system32\qomnmlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqpmm.dll
C:\WINDOWS\system32\rqrqpmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnkkh.dll
C:\WINDOWS\system32\urqnkkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusppp.dll
C:\WINDOWS\system32\vtusppp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtustus.dll
C:\WINDOWS\system32\vtustus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvurqqo.dll
C:\WINDOWS\system32\wvurqqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.17

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 13:39:45 20/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\ljjjggh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjjggh.dll
C:\WINDOWS\system32\ljjjggh.dll Has been deleted!

Performing Repairs to the registry.
Done!
0

billy57 Posts: 89 Registration date: Monday 19 March 2007 Status: Member Last activity: 12 November 2008 5
21 March 2007 at 11:22
Hello, when I registered on this forum, I was asked to be polite; unfortunately, I really think politeness only goes one way on this forum!!!

I would still like to thank the people of the "sur la toile" forum for their invaluable help, and a big thank you. With that, ladies and gentlemen, have a good day.
0